SQL injection walkthrough
11th May 2009
SecuriTeam has an old, but still very useful article on SQL injection.
I’ve created a PDF of that article, containing some of the comments (all the ‘thank-you’ and ‘help-me-hack’ comments were removed): sql injection walkthrough pdf download.
Note: there were no specific license terms attached to the article; I believe that the word “free” on the SecuriTeam site logo refers to the “right of free use and copying”. If you know this is not the case – please let me know to remove this PDF from public access. (see Brian’s comment)
May 13th, 2009 at 0:06
Hi,
Your use of the article on SQL injection is fine.
FYI: The term ‘free’ on our web site relates to having no cost.
Your nice layout that includes our URL in the footer is good.
Question: I’d like to find someone who would like to do a review on web site scanning tools. Do you know of anyone who does that kind of writing?
Brian
May 13th, 2009 at 10:37
Hi Brian,
Thanks for granting permission on the PDF version of the article.
Unfortunately, I do not know anyone capable of both doing the review you want and then writing it.
I would be interested in doing that myself, but I’m not really a specialist in web-security (despite being an experienced LAMP programmer), and still would expect some kind of a bonus/reward for this kind of effort. If that sounds fine, then I might come up with a review of 2-4 tools within several weeks (testing them on my sites). Initial tool suggestions would be welcome then. Contact form sends an email right to my inbox.
May 18th, 2009 at 15:33
The sqlmap package has recently become available in Debian testing, and it performs automated SQL injection analysis.
I’ve just installed it, and might post my experience using it later.