WebApp Sec mailing list archives

Re: SQL Injection data retrieving??

From: Jonathan Angliss <jon () netdork net>
Date: Tue, 14 Sep 2004 15:29:13 -0500

Hi Roland,

Monday, September 13, 2004, 1:26:47 AM, you wrote:

ou application is vulnerable to SQL injection and I'm trying to
build some sort of "exploit" in order to show them how simple it is
to get data out of our database! So they might consider security
from a other point of view...


Extracting data is just one point of an exploit... you can always
destroy the data, or modify it so it is unusable. They might be more
influenced towards a more secure setup when all their data becomes
corrupt and unusuable, or even worse, missing.

-- 
Jonathan Angliss
(jon () netdork net)

I am Drunk of Borg. Resistance is floor tile!

Current thread:

Re: SQL Injection data retrieving??, (continued)
- - Re: SQL Injection data retrieving?? saphyr (Sep 12)
- Re: SQL Injection data retrieving?? nummish (Sep 11)
- Re: SQL Injection data retrieving?? Ben Timby (Sep 11)
- Re: SQL Injection data retrieving?? Adam Tuliper (Sep 11)
  - Re: SQL Injection data retrieving?? Adam Tuliper (Sep 12)
- Re: SQL Injection data retrieving?? saphyr (Sep 12)
- Re: SQL Injection data retrieving?? Roland Despins (Sep 12)
  - Re: SQL Injection data retrieving?? Jonathan Angliss (Sep 13)
- RE: SQL Injection data retrieving?? Mark McDonald (Sep 13)
- Re: SQL Injection data retrieving?? Roland Despins (Sep 13)
  - Re: SQL Injection data retrieving?? Jonathan Angliss (Sep 15)
    - RE: SQL Injection data retrieving?? Peter Harrison (Sep 16)
- RE: SQL Injection data retrieving?? Shields, Larry (Sep 18)