This is a discussion on SQL injection within the ASP/ASP.NET section, part of the Programming category.

#1
Hi... here is some information about SQL injection.

SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

from Wikipedia:

* SQL injection can be accomplished by manipulating the query string.
* SQL injection isn't just used against username/password authentication.
* SQL injection can be executed anywhere input is being returned from the client, whether it is in a form, URL, hidden etc.

I am adding two links here which may be useful to others... :thumbup:

1: http://www.securiteam.com/securityre...DP0N1P76E.html
2: http://www.unixwiz.net/techtips/sql-injection.html

One useful function to prevent SQL injection:

Code:
```vb
Function Escinjection(Strinput)
    ' Null or empty input: return an empty string
    If Len(Strinput) = 0 Or IsNull(Strinput) Then
        Escinjection = ""
    Else
        ' Strip characters that carry special meaning in SQL
        Strinput = Replace(Strinput, "%", "")
        Strinput = Replace(Strinput, "'", "")
        Strinput = Replace(Strinput, "*", "")
        Strinput = Replace(Strinput, "--", "")
        ' No effect at this point: single quotes were already removed above
        Strinput = Replace(Strinput, "'", "''")
        Strinput = Replace(Strinput, """", "")
        Strinput = Replace(Strinput, ")", "")
        Strinput = Replace(Strinput, "(", "")
        Strinput = Replace(Strinput, ";", "")
        Strinput = Replace(Strinput, "-", "")
        Strinput = Replace(Strinput, "|", "")
        Escinjection = Strinput
    End If
End Function
```

Spec_tray
__________________
"There are no failures - just experiences and your reactions to them."

Last edited by Spec_tray; 04-06-2008 at 06:42 PM.

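Added example (not part of the original posts): a Python/sqlite3 comparison of a port of the Escinjection filter above with bound query parameters. The table, sample rows and function names are constructed for illustration; it shows the filter deleting characters from legitimate names and leaving input in an unquoted numeric position unchanged, while parameter binding treats every value as data.

```python
import sqlite3

STRIPPED = ("%", "'", "*", "--", '"', ")", "(", ";", "-", "|")

def esc_injection(s):
    """Port of the thread's Escinjection: delete the listed characters."""
    for bad in STRIPPED:
        s = s.replace(bad, "")
    return s

def make_db():
    """In-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "O'Brien"), (2, "Smith-Jones"), (3, "Lee")])
    return db

def by_id_filtered(db, raw_id):
    # Filtered text is still concatenated into an unquoted numeric position,
    # so whatever survives the filter is parsed as SQL.
    sql = "SELECT name FROM users WHERE id = " + esc_injection(raw_id)
    return sorted(r[0] for r in db.execute(sql))

def by_id_bound(db, raw_id):
    # The value travels separately from the statement and is compared as data.
    sql = "SELECT name FROM users WHERE id = ?"
    return sorted(r[0] for r in db.execute(sql, (raw_id,)))

def by_name_filtered(db, raw_name):
    sql = "SELECT id FROM users WHERE name = '" + esc_injection(raw_name) + "'"
    return [r[0] for r in db.execute(sql)]

def by_name_bound(db, raw_name):
    sql = "SELECT id FROM users WHERE name = ?"
    return [r[0] for r in db.execute(sql, (raw_name,))]

if __name__ == "__main__":
    db = make_db()
    probe = "1 OR 1=1"  # constructed input containing none of the stripped characters
    print("id, filtered:", by_id_filtered(db, probe))
    print("id, bound:   ", by_id_bound(db, probe))
    for name in ("O'Brien", "Smith-Jones"):
        print(name, "filtered:", by_name_filtered(db, name),
              "bound:", by_name_bound(db, name))
```

In classic ASP the same separation of statement and value is available through ADODB.Command and its Parameters collection.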
#2
Thanks for this interesting info, spec_tray... keep it up!!
#3
Glad you like it, Wbwizzy. Find an interesting link about programming help against those SQL injection attacks! It also creates a log file, so you will get info on the hacker...

http://www.cheergallery.com/SQLInjectionHelp.html

Happy coding
Spec_tray
#4
Thanks for sharing... good information