Breaking the Query

The simplest way to check for SQL injection is to append a single quote to a parameter. If the Web site responds with a database error message, then at the very least it has inadequate input filtering and error handling; at worst, it is trivially exploitable. (Some Web sites go so far as to place the complete SQL query in a URI parameter, for example, view.cgi?q=SELECT+name+FROM+db.users+WHERE+id%3d97. Such a design is insecure by construction: the parameter is the query.) The single quote will not always break the query, and you cannot rely on the site to display friendly error messages, so this section describes several methodologies for identifying SQL injection vulnerabilities.
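The following is an added example, not code from the book, showing why the single-quote probe works and what the tester looks for in the response. It uses an in-memory SQLite table (constructed here; the book's db.users table is only named, not shown) in place of the site's unspecified database, calls the lookup functions directly instead of sending HTTP requests, and treats the list of error strings as an assumption: they are well-known phrasings from SQLite, MySQL, PostgreSQL, Microsoft SQL Server and Oracle, not something the book lists.

```python
import re
import sqlite3

# Constructed stand-in for the db.users table referenced in the view.cgi example.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [(97, "alice"), (98, "bob"), (99, "carol")],
    )
    return conn


def lookup_vulnerable(conn, user_id):
    """The naive pattern: the request parameter is pasted into the SQL text,
    so a stray quote (or an OR clause) becomes part of the query."""
    query = f"SELECT name FROM users WHERE id = {user_id}"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn, user_id):
    """Parameterized form: the value is bound by the driver and never parsed
    as SQL, so the same probes yield no error and no extra rows."""
    rows = conn.execute("SELECT name FROM users WHERE id = ?", (user_id,))
    return [row[0] for row in rows]


# Assumed error signatures a tester greps for in the response body.
# (SQLite, MySQL, PostgreSQL, SQL Server, Oracle; ordering is arbitrary.)
ERROR_SIGNATURES = [
    r"unrecognized token",
    r"You have an error in your SQL syntax",
    r"unterminated quoted string",
    r"Unclosed quotation mark",
    r"ORA-\d{5}",
]


def looks_like_sql_error(body):
    """True if the response text matches a known database error message."""
    return any(re.search(p, body, re.IGNORECASE) for p in ERROR_SIGNATURES)


def probe(handler, value):
    """Simulate the tester's loop: send a value, report whether the backend
    threw an error (and its text) or returned rows."""
    try:
        return {"error": False, "rows": handler(value)}
    except sqlite3.Error as exc:
        return {"error": True, "message": str(exc)}


if __name__ == "__main__":
    conn = make_db()
    for value in ("97", "97'", "97 OR 1=1"):
        for name, fn in (("vulnerable", lookup_vulnerable), ("safe", lookup_safe)):
            result = probe(lambda v: fn(conn, v), value)
            flagged = result["error"] and looks_like_sql_error(result["message"])
            print(f"{name:10} {value!r:14} -> {result}  sql_error={flagged}")
```

Against the vulnerable handler, `97'` produces an "unrecognized token" error (the page-visible symptom the book describes) and `97 OR 1=1` returns every row; against the parameterized handler the same inputs return either the matching row or nothing, with no error, which is also why an error-free response alone does not prove a parameter is safe.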

Breaking Naive Defenses

Databases, like Web sites, support many character sets. Character ...

Get Seven Deadliest Web Application Attacks now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.