SQL Injection Attacks by Example

We all know about the security threat of non-sanitized user input, but it’s pretty scary how much a hacker can learn about your database structure just through SQL injections. This article, one of the most interesting I’ve read in a long time, shows how easy it is to gain access to an intranet area.

A customer asked that we check out his intranet site, which was used by the company’s employees and customers. This was part of a larger security review, and though we’d not actually used SQL injection to penetrate a network before, we were pretty familiar with the general concepts. We were completely successful in this engagement, and wanted to recount the steps taken as an illustration.

Have something to tell us about this article?
Let us know

or Comment Below

LOGIN to Comment
LOGIN to Comment

Got a tip?

Let us know