Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Save to My Library
Look up keyword
Like this
2Activity
0 of .
Results for:
No results containing your search query
P. 1
SQLInjection WhitePaper

SQLInjection WhitePaper

Ratings: (0)|Views: 241|Likes:
Published by rajnigs
Sql Injection is nice pdf to learn and get idea about SQL injection concepts.
Sql Injection is nice pdf to learn and get idea about SQL injection concepts.

More info:

Published by: rajnigs on Sep 05, 2008
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

07/10/2010

pdf

text

original

 
 
© 2002 SPI Dynamics, Inc. All Right Reserved. No reproduction or redistribution without written permission.Page 1
SQL Injection
Are Your Web Applications Vulnerable?
A White Paper from SPI DynamicsAuthor: Kevin Spett
 
 
© 2002 SPI Dynamics, Inc. All Right Reserved. No reproduction or redistribution without written permission.Page 2
TABLE OF CONTENTS
 
 
© 2002 SPI Dynamics, Inc. All Right Reserved. No reproduction or redistribution without written permission.Page 3
1. Overview and introduction to web applications andSQL injection1.1. Overview
SQL injection is a technique for exploiting web applications that use client-supplieddata in SQL queries without stripping potentially harmful characters first. Despite beingremarkably simple to protect against, there is an astonishing number of production systemsconnected to the Internet that are vulnerable to this type of attack. The objective of this paper is to educate the professional security community on the techniques that can be used to takeadvantage of a web application that is vulnerable to SQL injection, and to make clear thecorrect mechanisms that should be put in place to protect against SQL injection and inputvalidation problems in general.
1.2. Background
Before reading this, you should have a basic understanding of how databases work andhow SQL is used to access them. I recommend reading eXtropia.com’s “Introduction toDatabases for Web Developers” at
. 
1.3. Character encoding
In most web browsers, punctuation characters and many other symbols will need to beURL encoded before being used in a request in order to be interpreted properly. In this paper Ihave used regular ASCII characters in the examples and screenshots in order to maintainmaximum readability. In practice, though, you will need to substitute %37 for percent sign,%43 for plus sign, etc. in the HTTP request statement.

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->