SQL Injection Attacks
I've mentioned SQL Injection attacks a few times in this forum and the Database Design forum. From the responses I got, many folks here don't know what an SQL Injection attack is. If you do any SQL interaction via a web-based interface, do yourself and the Internet community a favour and become knowledgeable about it. As a developer / programmer you have a responsibility to your client to produce secure code.
Doing a Google search will bring up lots of pertinent links. But just to show how serious it is, here is a recent extract from a list I subscribe to (@RISK: The Consensus Security Vulnerability Alert). It is an outline of articles in the digest version. All the following have SQL injection vulnerabilities.
Note to moderators: I am cross-posting this in the MySQL forum to catch as many people as possible. If you feel this is a redundant post, please delete it.
08.08.28 - Joomla! MCQuiz Component "tid" Parameter SQL Injection
08.08.29 - Joomla! PAXXGallery Component "userid" Parameter SQL Injection
08.08.30 - Joomla! and Mambo "com_quiz" Component "tid" Parameter SQL Injection
08.08.31 - e-Vision CMS "id" Parameter Multiple SQL Injection Vulnerabilities
08.08.32 - Joomla! and Mambo "com_smslist" Component "listid" Parameter SQL Injection
08.08.33 - Joomla! and Mambo "com_activities" Component "id" Parameter SQL Injection
08.08.34 - Joomla! and Mambo "com_sg" Component "pid" Parameter SQL Injection
08.08.35 - Joomla! and Mambo "faq" Component "catid" Parameter SQL Injection
08.08.36 - Yellow Swordfish Simple Forum "topic" Parameter SQL Injection
08.08.37 - Yellow Swordfish Simple Forum "index.php" SQL Injection
08.08.38 - Yellow Swordfish Simple Forum "topic" Parameter SQL Injection
08.08.39 - Joomla! and Mambo "com_salesrep" Component "rid" Parameter SQL Injection
08.08.40 - Joomla! and Mambo "com_lexikon" Component "id" Parameter SQL Injection
08.08.41 - Joomla! and Mambo "com_filebase" Component "filecatid" Parameter SQL Injection
08.08.42 - Joomla! and Mambo "com_scheduling" Component "id" Parameter SQL Injection
08.08.43 - WP Photo Album "photo" Parameter SQL Injection
08.08.44 - Joomla! and Mambo "com_galeria" Component "id" Parameter SQL Injection
08.08.45 - Joomla! and Mambo "com_jooget" Component "id" Parameter SQL Injection
08.08.46 - AuraCMS Multiple SQL Injection Vulnerabilities
08.08.47 - Joomla! and Mambo Quran Component SQL Injection
08.08.48 - Simple CMS "indexen.php" SQL Injection
08.08.49 - Joomla! and Mambo Portfolio Manager Component "categoryId" Parameter SQL Injection
08.08.50 - astatsPRO com_astatspro Component "id" Parameter SQL Injection
08.08.51 - Joomla! and Mambo com_profile Component "oid" Parameter SQL Injection
08.08.52 - Joomla! and Mambo com_detail Component "id" Parameter SQL Injection
08.08.53 - Yellow Swordfish Simple Forum "sf-profile.php" SQL Injection
08.08.54 - WordPress Recipes Blog Plugin "id" Parameter SQL Injection
08.08.55 - WordPress wp-people Plugin "wp-people-popup.php" SQL Injection
08.08.56 - Joomla! and Mambo com_downloads Component "cat" Parameter SQL Injection
08.08.57 - XOOPS myTopics Module "print.php" SQL Injection
08.08.58 - PHP-Nuke Books Module "cid" Parameter SQL Injection
08.08.59 - Joomla! and Mambo "com_pccookbook" Component "user_id" Parameter SQL Injection
08.08.60 - sCssBoard "index.php" Multiple SQL Injection Vulnerabilities
08.08.61 - PHP-Nuke Sections Module "artid" Parameter SQL Injection
08.08.62 - Facile Forms "catid" Parameter SQL Injection
08.08.63 - Joomla! and Mambo "com_team" Component SQL Injection
08.08.64 - Joomla! and Mambo com_iigcatalog Component "cat" Parameter SQL Injection
08.08.65 - Joomla! and Mambo com_formtool Component "catid" Parameter SQL Injection
08.08.66 - Woltlab Burning Board "password" SQL Injection
08.08.67 - Joomla! and Mambo com_genealogy Component "id" Parameter SQL Injection
08.08.68 - iJoomla com_magazine Component "pageid" Parameter SQL Injection
08.08.69 - XOOPS "vacatures" Module "cid" Parameter SQL Injection
08.08.70 - XOOPS "events" Module "id" Parameter SQL Injection
08.08.71 - XOOPS "seminars" Module "id" Parameter SQL Injection
08.08.72 - XOOPS "badliege" Module "id" Parameter SQL Injection
08.08.73 - PHP-Nuke Web_Links Module "cid" Parameter SQL Injection
08.08.74 - XOOPS "classifieds" Module "cid" Parameter SQL Injection
08.08.75 - PHP-Nuke EasyContent Module "page_id" Parameter SQL Injection
Amer Neely - Web Mechanic
"Others make web sites. We make web sites work!"






