Penetration Testing mailing list archives

Fw: Sql injection/admin privileges


From: "Quentin Chung@Programmer" <quentin.chung () programmer com hk>
Date: Tue, 31 Mar 2009 12:59:35 +0800

See http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet from Dave Wichers.

Best Regards, Quentin

----- Original Message ----- 
From: "NETTLES, RICHARD R." <rn0308982 () otc edu>
To: "pen-test" <pen-test () securityfocus com>
Sent: Monday, March 30, 2009 3:50 AM
Subject: Sql injection/admin privileges


I have been trying to learn more about website penetration. At the moment, a friend of mine runs a website and told
me I could use it to help me out as long as I don't destroy anything and report to him everything I find. While I was
doing manual input into the login, I found a hole that will give me access to a member's account. Is it possible to
access the admin account, or at least receive elevated privileges through that same hole? What reading material would
you recommend to learn more about doing SQL injections, and what are some certifications that I should look into
getting?

Thank you,
Richard
