Penetration Testing mailing list archives
Re: sql injection: url or form based?
From: Brian Rectanus <brectanu () gmail com>
Date: Sat, 11 Feb 2006 00:38:28 -0500
One big difference is that if you can accomplish the same injection attack via GET or POST, then POST would be preferred (or not preferred, depending on what side you are taking here, heh). The chances of the POSTed data being logged are low, and that would lower the chances of detecting the attack. Also, any URL based checks (ala rewrite, etc) may be avoided with a POST.

-B
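The logging gap described in the message above can be closed on the defending side by inspecting form bodies with the same check used for URLs. The following is an added example, not part of the original post: a WSGI middleware sketch in which `RequestAudit`, `inspect_request`, `flag_params`, the marker list and the size limit are all hypothetical names and constructed values.

```python
import io
import logging
from urllib.parse import parse_qsl

log = logging.getLogger("request_audit")
MAX_INSPECT = 64 * 1024  # assumed limit on how much of a body is parsed

# Constructed, deliberately small marker list for illustration only.
MARKERS = ("'", "--", "/*", " union ", " or 1=1")


def flag_params(pairs):
    """Return names of parameters whose decoded value contains a marker."""
    return [k for k, v in pairs if any(m in f" {v.lower()} " for m in MARKERS)]


def inspect_request(environ):
    """Apply the same check to URL parameters and to form-encoded POST data."""
    query = parse_qsl(environ.get("QUERY_STRING", ""), keep_blank_values=True)
    body = []
    ctype = environ.get("CONTENT_TYPE", "")
    if (environ.get("REQUEST_METHOD") == "POST"
            and ctype.startswith("application/x-www-form-urlencoded")):
        try:
            length = int(environ.get("CONTENT_LENGTH") or 0)
        except ValueError:
            length = 0
        # Assumes the front-end server already caps request size.
        raw = environ["wsgi.input"].read(length)
        environ["wsgi.input"] = io.BytesIO(raw)  # hand the body back to the app
        text = raw[:MAX_INSPECT].decode("utf-8", "replace")
        body = parse_qsl(text, keep_blank_values=True)
    return {"url": flag_params(query), "body": flag_params(body)}


class RequestAudit:
    """WSGI middleware: one audit line per request, covering URL and body."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        found = inspect_request(environ)
        # Log parameter names only; raw bodies can carry passwords.
        log.info("%s %s url_flags=%s body_flags=%s",
                 environ.get("REQUEST_METHOD"), environ.get("PATH_INFO"),
                 found["url"], found["body"])
        return self.app(environ, start_response)
```

Substring markers like these produce false positives on ordinary input, so the output is an audit signal for review rather than a blocking decision.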