I've mentioned SQL Injection attacks a few times in this forum and the Database Design forum. From the responses I got, many folks here don't know what an SQL Injection attack is. If you do any SQL interaction via a web-based interface, do yourself and the Internet community a favour and become knowledgeable about it. As a developer / programmer you have a responsibility to your client to produce secure code.

Doing a Google search will bring up lots of pertinent links. But just to show how serious it is, here is a recent extract from a list I subscribe to (@RISK: The Consensus Security Vulnerability Alert). It is an outline of articles in the digest version. All the following have SQL injection vulnerabilities.

Note to moderators: I am cross-posting this in the MySQL forum to catch as many people as possible. If you feel this is a redundant post, please delete it.

08.08.28 - Joomla! MCQuiz Component "tid" Parameter SQL Injection
08.08.29 - Joomla! PAXXGallery Component "userid" Parameter SQL Injection
08.08.30 - Joomla! and Mambo "com_quiz" Component "tid" Parameter SQL Injection
08.08.31 - e-Vision CMS "id" Parameter Multiple SQL Injection Vulnerabilities
08.08.32 - Joomla! and Mambo "com_smslist" Component "listid" Parameter SQL Injection
08.08.33 - Joomla! and Mambo "com_activities" Component "id" Parameter SQL Injection
08.08.34 - Joomla! and Mambo "com_sg" Component "pid" Parameter SQL Injection
08.08.35 - Joomla! and Mambo "faq" Component "catid" Parameter SQL Injection
08.08.36 - Yellow Swordfish Simple Forum "topic" Parameter SQL Injection
08.08.37 - Yellow Swordfish Simple Forum "index.php" SQL Injection
08.08.38 - Yellow Swordfish Simple Forum "topic" Parameter SQL Injection
08.08.39 - Joomla! and Mambo "com_salesrep" Component "rid" Parameter SQL Injection
08.08.40 - Joomla! and Mambo "com_lexikon" Component "id" Parameter SQL Injection
08.08.41 - Joomla! and Mambo "com_filebase" Component "filecatid" Parameter SQL Injection
08.08.42 - Joomla! and Mambo "com_scheduling" Component "id" Parameter SQL Injection
08.08.43 - WP Photo Album "photo" Parameter SQL Injection
08.08.44 - Joomla! and Mambo "com_galeria" Component "id" Parameter SQL Injection
08.08.45 - Joomla! and Mambo "com_jooget" Component "id" Parameter SQL Injection
08.08.46 - AuraCMS Multiple SQL Injection Vulnerabilities
08.08.47 - Joomla! and Mambo Quran Component SQL Injection
08.08.48 - Simple CMS "indexen.php" SQL Injection
08.08.49 - Joomla! and Mambo Portfolio Manager Component "categoryId" Parameter SQL Injection
08.08.50 - astatsPRO com_astatspro Component "id" Parameter SQL Injection
08.08.51 - Joomla! and Mambo com_profile Component "oid" Parameter SQL Injection
08.08.52 - Joomla! and Mambo com_detail Component "id" Parameter SQL Injection
08.08.53 - Yellow Swordfish Simple Forum "sf-profile.php" SQL Injection
08.08.54 - WordPress Recipes Blog Plugin "id" Parameter SQL Injection
08.08.55 - WordPress wp-people Plugin "wp-people-popup.php" SQL Injection
08.08.56 - Joomla! and Mambo com_downloads Component "cat" Parameter SQL Injection
08.08.57 - XOOPS myTopics Module "print.php" SQL Injection
08.08.58 - PHP-Nuke Books Module "cid" Parameter SQL Injection
08.08.59 - Joomla! and Mambo "com_pccookbook" Component "user_id" Parameter SQL Injection
08.08.60 - sCssBoard "index.php" Multiple SQL Injection Vulnerabilities
08.08.61 - PHP-Nuke Sections Module "artid" Parameter SQL Injection
08.08.62 - Facile Forms "catid" Parameter SQL Injection
08.08.63 - Joomla! and Mambo "com_team" Component SQL Injection
08.08.64 - Joomla! and Mambo com_iigcatalog Component "cat" Parameter SQL Injection
08.08.65 - Joomla! and Mambo com_formtool Component "catid" Parameter SQL Injection
08.08.66 - Woltlab Burning Board "password" SQL Injection
08.08.67 - Joomla! and Mambo com_genealogy Component "id" Parameter SQL Injection
08.08.68 - iJoomla com_magazine Component "pageid" Parameter SQL Injection
08.08.69 - XOOPS "vacatures" Module "cid" Parameter SQL Injection
08.08.70 - XOOPS "events" Module "id" Parameter SQL Injection
08.08.71 - XOOPS "seminars" Module "id" Parameter SQL Injection
08.08.72 - XOOPS "badliege" Module "id" Parameter SQL Injection
08.08.73 - PHP-Nuke Web_Links Module "cid" Parameter SQL Injection
08.08.74 - XOOPS "classifieds" Module "cid" Parameter SQL Injection
08.08.75 - PHP-Nuke EasyContent Module "page_id" Parameter SQL Injection

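The "id"-parameter bug behind most of the advisories above, as an added example that is not part of the original post or of any project listed: the concatenating lookup that produces these reports beside a validated, parameterised version. It uses an in-memory SQLite database, and the table, rows and request values are constructed for the demo.

```php
<?php
// Added example (not from the post or any listed project): a component that
// looks up an article by the "id" request parameter. SQLite in memory so it
// runs offline; the table and rows below are constructed sample data.

function setupDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)');
    $db->exec("INSERT INTO articles VALUES (1, 'Public post', 1), (2, 'Draft post', 0)");
    return $db;
}

// VULNERABLE PATTERN (do not use): the request value becomes part of the SQL
// text, so anything other than a plain number changes the query the database
// runs, including the "published = 1" restriction. This is the shape of the
// "id" parameter injections listed in the digest.
function findArticleVulnerable(PDO $db, string $id): array {
    $sql = "SELECT id, title FROM articles WHERE published = 1 AND id = " . $id;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED: validate the type first, then bind the value as a parameter so the
// database never parses it as SQL. Returns null when the id is rejected.
function findArticleSafe(PDO $db, string $id): ?array {
    $intId = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($intId === false) {
        return null; // reject rather than guess; worth logging for visibility
    }
    $stmt = $db->prepare('SELECT id, title FROM articles WHERE published = 1 AND id = :id');
    $stmt->bindValue(':id', $intId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = setupDb();
// Constructed request values, standing in for $_GET['id'] in a component.
foreach (['1', '2', '1 abc', ''] as $id) {
    $result = findArticleSafe($db, $id);
    echo str_pad(var_export($id, true), 10), ' => ',
         $result === null ? 'rejected before SQL' : count($result) . ' row(s)', PHP_EOL;
}
```

Only the hardened function is called; the vulnerable one is kept beside it so the difference in how the id reaches the database is visible.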

it is being discussed
