Autarchy of the Private Cave

Tiny bits of bioinformatics, [web-]programming etc

    SQL injection walkthrough

    11th May 2009

    SecuriTeam has an old, but still very useful article on SQL injection.

    I’ve created a PDF of that article, containing some of the comments (all the ‘thank-you’ and ‘help-me-hack’ comments were removed): sql injection walkthrough pdf download.

    Note: there were no specific license terms attached to the article; I believe that the word “free” on the SecuriTeam site logo refers to the “right of free use and copying”. If you know this is not the case – please let me know to remove this PDF from public access. (see Brian’s comment)


    3 Responses to “SQL injection walkthrough”

    1. Brian Pearce Says:

      Hi,

      Your use of the article on SQL injection is fine.

      FYI: The term ‘free’ on our web site relates to having no cost.

      Your nice layout that includes our URL in the footer is good.

      Question: I’d like to find someone who would like to do a review on web site scanning tools. Do you know of anyone who does that kind of writing?

      Brian

    2. Bogdan Says:

      Hi Brian,

      thanks for granting permission on the PDF version of the article.

      Unfortunately, I do not know anyone capable of both doing the review you want and then writing it.

      I would be interested in doing that myself, but I’m not really a specialist in web-security (despite being an experienced LAMP programmer), and still would expect some kind of a bonus/reward for this kind of effort :) If that sounds fine, then I might come up with a review of 2-4 tools within several weeks (testing them on my sites). Initial tool suggestions would be welcome then. Contact form sends an email right to my inbox.

    3. Bogdan Says:

      The sqlmap package has recently become available in Debian testing, and it performs automated SQL injection analysis.
      I’ve just installed it, and might post my experience using it later.
