AardvarkBusiness.net - Business Search Engine

SQL Injection

 
 
jbpostal
Temp
Joined: 13 Apr 2008
Posts: 1

Posted: Sun Apr 13, 2008 7:48 am    Post subject: SQL Injection

What is SQL injection and what are the threats relating to this?

Neilson
President
Joined: 27 Oct 2004
Posts: 589
Location: FL

Posted: Tue Apr 15, 2008 12:49 pm

Take a look at this thread -- http://www.aardvarkbusiness.net/chat/viewtopic.php?t=17096

riskbase
Secretary
Joined: 27 Apr 2009
Posts: 5

Posted: Tue Apr 28, 2009 12:58 pm

Hi,
SQL injection occurs when non-properly escaped code gets into sensitive parts of your application, allowing the attacker to bypass credentials checking or perform illicit operations. Are you using PHP?

riskbase
Secretary
Joined: 27 Apr 2009
Posts: 5

Posted: Tue Apr 28, 2009 4:19 pm

If it's PHP, just use some of the mainstream frameworks, like Zend Framework, that will give you peace of mind regarding the main safety issues, including session fixation, session hijacking, SQL injection and other similar issues.

planetZest
Executive PA
Joined: 12 Oct 2004
Posts: 51
Location: Reading, UK

Posted: Thu Apr 21, 2011 9:00 am

If it's ASP or .NET there are plenty of free examples with a quick copy 'n' paste function that you can quickly implement into your code/forms input fields to look out for the keywords: "select", "drop", ";", "--", "insert", "delete", "xp_", "SELECT", "DROP", "INSERT", "DELETE", "XP_"

bccy254
Temp
Joined: 19 Oct 2011
Posts: 3

Posted: Sat Dec 03, 2011 8:00 am

my DB name. I cannot understand this query they wrote.
Query:
=-999.9%20UNION%20ALL%20SELECT%20concat(0x7e,0x27,Hex(cast(database()%20as%20char)),0x27,0x7e),0x31303235343830303536,0x31303235343830303536,0x31303235343830303536--
After the query has run it shows an integer result, something like "74545883".
Can you please explain how the query works and how they got my DB name?
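
Added example, not part of any post in this thread: a small Python script that decodes the logged request value from the last post so it can be read (a UNION SELECT whose first column wraps the output of database(), followed by three copies of one constant marker), and then shows why a bound parameter stops input of that shape. The SQLite table `products`, the function names and the constructed `SHAPE` input are assumptions for illustration; the site's real database and queries are not shown on this page.

```python
import re
import sqlite3
from urllib.parse import unquote

# Request value quoted in the last post above, copied verbatim.
LOGGED = ("=-999.9%20UNION%20ALL%20SELECT%20concat(0x7e,0x27,Hex(cast("
          "database()%20as%20char)),0x27,0x7e),0x31303235343830303536,"
          "0x31303235343830303536,0x31303235343830303536--")

def decode_logged(value):
    """URL-decode a logged parameter and render MySQL 0x.. literals as text."""
    def as_text(match):
        return repr(bytes.fromhex(match.group(1)).decode("latin-1"))
    return re.sub(r"0x((?:[0-9a-fA-F]{2})+)", as_text, unquote(value))

def make_db():
    # Constructed table standing in for whatever the page's site queried.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER, name TEXT, price TEXT)")
    db.execute("INSERT INTO products VALUES (1, 'widget', '9.99')")
    return db

def lookup_concat(db, raw_id):
    # Vulnerable pattern: the request value becomes part of the SQL text.
    sql = "SELECT id, name, price FROM products WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def lookup_bound(db, raw_id):
    # Parameterized: the value travels as data and is never parsed as SQL.
    sql = "SELECT id, name, price FROM products WHERE id = ?"
    return db.execute(sql, (raw_id,)).fetchall()

# Constructed input with the logged value's shape: an id that matches no row,
# then a UNION of constants, then a comment marker. SQLite syntax, harmless.
SHAPE = "-999.9 UNION ALL SELECT 'A', 'B', 'C'--"

if __name__ == "__main__":
    print(decode_logged(LOGGED))
    db = make_db()
    print(lookup_concat(db, SHAPE))  # row supplied by the input itself
    print(lookup_bound(db, SHAPE))   # no rows: the whole string is one value
    print(lookup_bound(db, "1"))     # the real row
```

With string concatenation the only row returned is the one the input supplied, which is how a page ends up displaying a value chosen by the request; with the bound parameter the same input is compared as a single value and matches nothing.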

All times are GMT + 1 Hour