Penetration Testing mailing list archives
Re: [PEN-TEST] Hacking SQL queries ...
From: Florian Specker <specker () ICU UNIZH CH>
Date: Thu, 8 Feb 2001 01:38:25 +0100
Since I'm an SQL newbie, I'd be curious to know how someone could supply the appropriate input to do bad things on the SQL server - either in R/O or R/W mode
well, i didn't dive too deeply into this subject, but afaik, as long as the user-input is just Strings that get escaped, there shouldn't be a problem (correct me if i'm wrong). But if user-input gets written into an INT-field (or any other data type that does not require those "'"), you're in trouble if you write without server-side checking... imagine a HTML-form containing only integer values, in combination with a query like: SELECT Name FROM Users WHERE ID = <user_input> ORDER BY Name no problem if <user_input> is really integer... but what about 5; DROP TABLE SomeOtherTable; SELECT Name FROM Users WHERE ID = 5 ? Hope you've got a backup :) cheers, florian -- Florian Specker, specker () icu unizh ch ------------------------------------------------------- Ich brauche keine Lebensversicherung. Ich möchte, dass alle richtig traurig sind, wenn ich einmal sterbe.
Current thread:
- Re: [PEN-TEST] Expand right under Win2K Gary Flynn (Feb 06)
- Re: [PEN-TEST] Expand right under Win2K Tamas Foldi (Feb 06)
- <Possible follow-ups>
- Re: [PEN-TEST] Expand right under Win2K Reinder Wiersma (Feb 07)
- [PEN-TEST] Hacking SQL queries ... Aurobindo Sundaram (+1 512 918 1390) (Feb 07)
- Re: [PEN-TEST] Hacking SQL queries ... Nicolas GREGOIRE (Feb 07)
- Re: [PEN-TEST] Hacking SQL queries ... Aaron C. Newman (Feb 07)
- Re: [PEN-TEST] Hacking SQL queries ... Florian Specker (Feb 07)
- Re: [PEN-TEST] Hacking SQL queries ... Philip Wagenaar (Feb 07)
- Re: [PEN-TEST] Hacking SQL queries ... Aaron C. Newman (Feb 10)
- [PEN-TEST] Hacking SQL queries ... Aurobindo Sundaram (+1 512 918 1390) (Feb 07)