Penetration Testing mailing list archives
Fw: Sql injection/admin privileges
From: "Quentin Chung@Programmer" <quentin.chung () programmer com hk>
Date: Tue, 31 Mar 2009 12:59:35 +0800
see http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet from Dave Wichers Best Regards, Quentin ----- Original Message ----- From: "NETTLES, RICHARD R." <rn0308982 () otc edu> To: "pen-test" <pen-test () securityfocus com> Sent: Monday, March 30, 2009 3:50 AM Subject: Sql injection/admin privileges
I have been trying to learn more about website penetration. At the moment, a friend of mine runs a website and told me I could use it to help me out as long as I don't destroy anything and report to him everything I find. While I was doing manual input into the login, I found a hole that will give me access to a members account. Is it possible to access the admin account, or at least receive elevated privileges through that same hole? What reading material would you recommend to learn more about doing SQL injections, and what are some certifications that I should look into getting? Thank you, Richard ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute No time or budget for traveling to a training course in this fiscal year? Check out the online penetration testing courses available at InfoSec Institute. More than a boring "talking head", train in our virtual labs for a total hands-on training experience. Get the certs you need as well: CEH, CPT, CEPT, ECSA, LPT. http://www.infosecinstitute.com/request_online_training.html ------------------------------------------------------------------------
Current thread:
- Fw: Sql injection/admin privileges Quentin Chung@Programmer (Apr 03)