Penetration Testing mailing list archives
Re: [PEN-TEST] Hacking SQL queries ...
From: Florian Specker <specker () ICU UNIZH CH>
Date: Thu, 8 Feb 2001 01:38:25 +0100
Since I'm an SQL newbie, I'd be curious to know how someone could supply the appropriate input to do bad things on the SQL server - either in R/O or R/W mode
well, i didn't dive too deeply into this subject, but afaik, as long as
the user-input is just Strings that get escaped, there shouldn't be a
problem (correct me if i'm wrong). But if user-input gets written into
an INT-field (or any other data type that does not require those "'"),
you're in trouble if you write without server-side checking... imagine a
HTML-form containing only integer values, in combination with a query
like:
SELECT Name FROM Users WHERE ID = <user_input> ORDER BY Name
no problem if <user_input> is really integer... but what about
5; DROP TABLE SomeOtherTable; SELECT Name FROM Users WHERE ID = 5
? Hope you've got a backup :)
cheers, florian
--
Florian Specker, specker () icu unizh ch
-------------------------------------------------------
Ich brauche keine Lebensversicherung. Ich möchte,
dass alle richtig traurig sind, wenn ich einmal sterbe.
Current thread:
- Re: [PEN-TEST] Expand right under Win2K Gary Flynn (Feb 06)
- Re: [PEN-TEST] Expand right under Win2K Tamas Foldi (Feb 06)
- <Possible follow-ups>
- Re: [PEN-TEST] Expand right under Win2K Reinder Wiersma (Feb 07)
- [PEN-TEST] Hacking SQL queries ... Aurobindo Sundaram (+1 512 918 1390) (Feb 07)
- Re: [PEN-TEST] Hacking SQL queries ... Nicolas GREGOIRE (Feb 07)
- Re: [PEN-TEST] Hacking SQL queries ... Aaron C. Newman (Feb 07)
- Re: [PEN-TEST] Hacking SQL queries ... Florian Specker (Feb 07)
- Re: [PEN-TEST] Hacking SQL queries ... Philip Wagenaar (Feb 07)
- Re: [PEN-TEST] Hacking SQL queries ... Aaron C. Newman (Feb 10)
- [PEN-TEST] Hacking SQL queries ... Aurobindo Sundaram (+1 512 918 1390) (Feb 07)