How to exploit SQL injection

at 2005-02-03 in Further reading by kiesel (0 comments)

We've all heard the term "SQL injection" often. It describes a quite common problem that web applications suffer from because their developers did not take care to sanitize user input, resulting in insecure pages.

OK, so what can you actually do with it? The impact ranges from logging in as someone else (in the worst case as administrator) to modifying data, up to full access to the complete web and database system.

So much for the theory. Often it's easy to find exploits when you have the code. But what if you're just the anonymous remote user? This interesting article describes a technique using simple trial-and-error methods and guesses that can be used to gain access to, in this case, a company's intranet.


