Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Look up keyword
Like this
4Activity
0 of .
Results for:
No results containing your search query
P. 1
SQL Injection, Are Your Web Applications Vulnerable

SQL Injection, Are Your Web Applications Vulnerable

Ratings: (0)|Views: 48|Likes:
Published by cepimanca

More info:

Published by: cepimanca on Apr 20, 2010
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

09/04/2010

pdf

text

original

 
 
 © 2002 SPI Dynamics, Inc. All Right Reserved. No reproduction or redistribution without written permission.Page 1
SQL Injection
Are Your Web Applications Vulnerable?
A White Paper from SPI Dynamics
 
 
 © 2002 SPI Dynamics, Inc. All Right Reserved. No reproduction or redistribution without written permission.Page 2
TABLE OF CONTENTS
 
 
 © 2002 SPI Dynamics, Inc. All Right Reserved. No reproduction or redistribution without written permission.Page 3
1. Overview and introduction to web applications andSQL injection1.1. Overview
SQL injection is a technique for exploiting web applications that use client-supplieddata in SQL queries without stripping potentially harmful characters first. Despite beingremarkably simple to protect against, there is an astonishing number of production systemsconnected to the Internet that are vulnerable to this type of attack. The objective of this paperis to educate the professional security community on the techniques that can be used to takeadvantage of a web application that is vulnerable to SQL injection, and to make clear thecorrect mechanisms that should be put in place to protect against SQL injection and inputvalidation problems in general.
1.2. Background
Before reading this, you should have a basic understanding of how databases work andhow SQL is used to access them. I recommend reading eXtropia.com’s “Introduction toDatabases for Web Developers” at
. 
1.3. Character encoding
In most web browsers, punctuation characters and many other symbols will need to beURL encoded before being used in a request in order to be interpreted properly. In this paper Ihave used regular ASCII characters in the examples and screenshots in order to maintainmaximum readability. In practice, though, you will need to substitute %25 for percent sign,%2B for plus sign, etc. in the HTTP request statement.

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->