WebApp Sec mailing list archives

RE: SQL Injection data retrieving??


From: "Peter Harrison" <peter.harrison () netshift com>
Date: Wed, 15 Sep 2004 16:41:23 +0100

Hi all

This reminds me of an article on SQL Injection I once read about in an
e-zine:

http://web.textfiles.com/ezines/OUTBREAK/outbreak-10.txt
(Scroll down to the article about SQL injection)

I hope that helps in your efforts to promote web app and database security.

regards
Peter

-----Original Message-----
From: Jonathan Angliss [mailto:jon () netdork net]
Sent: 14 September 2004 21:29
To: Roland Despins
Cc: webappsec () securityfocus com
Subject: Re: SQL Injection data retrieving??


Hi Roland,

Monday, September 13, 2004, 1:26:47 AM, you wrote:
> our application is vulnerable to SQL injection and I'm trying to
> build some sort of "exploit" in order to show them how simple it is
> to get data out of our database! So they might consider security
> from another point of view...

Extracting data is just one point of an exploit... you can always
destroy the data, or modify it so it is unusable. They might be more
influenced towards a more secure setup when all their data becomes
corrupt and unusable, or even worse, missing.

--
Jonathan Angliss
(jon () netdork net)

I am Drunk of Borg. Resistance is floor tile!

