David,
See the links at http://www.owasp.org
In particular,
http://www.spidynamics.com/papers/SQLInjectionWhitePaper.pdf
Regards,
Bill Boyd
Astronomy Department
On Apr 4, 2006, at 10:25 AM, David Kalins wrote:
> Folks -- A few weeks ago at our security sig meeting, a simple and
> cleverly nasty little trick was demonstrated to crack into common mysql
> applications. Does anyone recall exactly how that was done? I'm
> currently looking at an application that someone wants to put up on
> one of our systems, and while looking at his code, it seems to me he
> takes no precaution against this kind of attack. If I could demonstrate
> that to him, I'd be able to get him to take more care with his code.
> But it all went by so fast during the presentation, I wasn't able to
> write it all down. Could someone remind me of how it was done?
>
> --dk
>
>
> ------------------------------------------------------------------------
> The following was automatically added to this message by the list
> server:
>
> For information about Micronet, including subscribing to
> or unsubscribing from its mailing list and finding out
> about upcoming meetings, please visit the Micronet Web site:
> <http://micronet.berkeley.edu/>.
Received on Tue Apr 4 10:34:15 2006
This archive was generated by hypermail 2.1.8 : Tue Apr 04 2006 - 10:34:15 PDT