Professional Documents
Culture Documents
Vadim Gellerman
Inband ctd.
Some other examples of SQL injection through the inbound use of a hyperlink are: http://www.mydomain.com/products/products.asp?productid=123; DROP TABLE Products http://www.mydomain.com/products/products.asp?productid=123 UNION SELECT user-name, password FROM USERS The first will drop the products table, while the second while return two tables, the productID, and the union joined table with a list of user names and passwords.
Login based injection: Restrict input field length. Instead of allowing an unlimited amount of characters to be entered for user name and password, restricting them will make it more difficult for someone to run a malicious query. While it may not prevent direct read access, it can prevent statements like drop. User privileges: Have a Superuser/Admin with full rights, but limit other users to only the things they need to do. This way, if someone accesses the database, they ll have a restricted amount of privileges. Use proper escapes strings, generally created through PHP. $SQL = "SELECT * FROM users where username = "mysql_real_escape_string($POST['user']); When someone tries to access the database using a command like OR 1 ;, their query would return \ OR 1\ , because your query was created to have a defined escape string.
FIN