Chapter 3. Structured Query Language Injection

Information in this Chapter

  • Understanding SQL Injection
  • Employing Countermeasures

Structured Query Language (SQL) injection attacks have evolved immensely over the last 10 years even though the underlying vulnerability that leads to SQL injection remains the same. In 1999, an SQL-based attack enabled arbitrary commands to be executed on systems running Microsoft's Internet Information Server (IIS) version 3 or 4. (To put 1999 in perspective, this was when The Matrix and The Blair Witch Project were first released.) The attack was discovered and automated via a Perl script by a hacker named Rain Forest Puppy (http://downloads.securityfocus.com/vulnerabilities/exploits/msadc.pl). Over a decade ...
