Library tutorials & articles

SQL Injection Attacks by Example

By Stephen J. Friedl, published on 17 Jan 2005
Page 7 of 7
  1. Introduction
  2. The Target Intranet
  3. Schema Field Mapping
  4. Finding some users
  5. The database isn't readonly
  6. Mitigations
  7. Conclusion

Conclusion

We'd like to emphasize that though we chose the "Forgotten password" link to attack in this particular case, it wasn't really because this particular web application feature is dangerous. It was simply one of several available features that might have been vulnerable, and it would be a mistake to focus on the "Forgotten password" aspsect of the presentation.

This Tech Tip has not been intended to provide comprehensive coverage on SQL injection, or even a tutorial: it merely documents the process that evolved over several hours during a contracted engagement. We've seen other papers on SQL injection discuss the technical background, but still only provide the "money shot" that ultimately gained them access.

But that final statement required background knowledge to pull off, and the process of gathering that information has merit too. One doesn't always have access to source code for an application, and the ability to attack a custom application blindly has some value.

Thanks to David Litchfield and Randal Schwartz for their technical input to this paper.

Comments

  1. jshindl
    07 Feb 2005 at 16:22
    This is a good article, but check out this article to actually automatically get a copy of the whole database.

    http://database.ittoolbox.com/browse.asp?c=DBPeerPublishing&r=%2Fpub%2FSG090202%2Epdf
  2. Developer Fusion Bot
    01 Jan 1999 at 00:00

    This thread is for discussions of SQL Injection Attacks by Example.

Leave a comment

Sign in or Join us (it's free).

Related tags

php, sql, db, security
Stephen J. Friedl UNIX Wizard and Microsoft MVP
AddThis

Related articles

Ask a question

Related discussion

Related podcasts

  • Roundup 09 - Java Plugin Architectures

    Roundup 09 - Plug-in Architectures in JavaFully formatted shownotes can always be found at http://javaposse.com NetBeans pluginshttp://platform.netbeans.org/tutorials/nbm-google.html IntelliJ pluginshttp://www.jetbrains.com/idea/plugins/plugin_developers.html Hudson pluginshttp://wiki.hudson-c...

Events coming up

  • Dec 3

    The Auckland PHP December meetup

    Auckland, New Zealand

    Topic: Magento E-Commerce platform Speaker: Robert Popovic, LERO9, Robert is the Technical Director and co-founder of LERO9. Robert attended the Electrotechnical Faculty at The University of Belgrade where he graduated with a Masters in Computer Science and Information Technology. Robert has worked exclusively in the field of web and software development throughout his career.

Languages

Web Development

Frameworks & Architecture

Other major sections

Cancel
Want to stay in touch with what's going on? Follow us on twitter!