March 13th, 2008, 02:19 AM
#2
SQL injection is a form of attack that makes use of poor input validation on a system to execute malicious SQL statements on a database. The databases that you mentioned basically use SQL. But there are extensions specific to these databases that add programming functionality, like T-SQL for MSSQL and PL/SQL for Oracle.
There will obviously be some variations in the attack depending on the database. For example, MySQL's mysql_query() function does not permit query stacking, unlike SQLite and PostgreSQL. So, in MySQL you can't have an attack that makes use of a ";" to execute multiple queries.
A good tutorial on SQL Injection
http://www.acunetix.com/websitesecur...-injection.htm
SQL Injection tutorial on mssql
http://www.ngssoftware.com/papers/ad..._injection.pdf
SQL Injection tutorial on mysql
http://dev.mysql.com/tech-resources/...curity-ch3.pdf
SQL Injection tutorial on oracle
http://www.integrigy.com/security-re...on_Attacks.pdf
Illustrated SQL Injection
http://www.cert.org.in/knowledgebase...wp-2005-06.pdf
And the google queries I used to get them ;-)
"sql injection ", "sql injection filetype: pdf"
Read them all and try your sql injection skills here
http://hackme.ntobjectives.com/
Have fun :-D
Last edited by PacketThirst; March 13th, 2008 at 02:24 AM.
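Added example, not part of the original post: a check of the query-stacking point above from the defender's side. It assumes Python's built-in sqlite3 module, whose execute() accepts one statement per call, as a stand-in for a single-statement API such as mysql_query(); the table, names and input strings are constructed for the illustration. It shows that a driver refusing ";" stacking still leaves a concatenated query injectable, while a bound parameter does not.

```python
import sqlite3

def make_db():
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO users (name) VALUES ('alice'), ('bob');
    """)
    return db

def lookup_concat(db, name):
    # Vulnerable pattern: user input becomes part of the SQL text.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in db.execute(sql))

def lookup_param(db, name):
    # Hardened pattern: input is bound as data and never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in db.execute(sql, (name,)))

def table_exists(db):
    q = "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='users'"
    return db.execute(q).fetchone()[0] == 1

def run_checks():
    db = make_db()
    stacked = "x'; DROP TABLE users; --"   # relies on ';' stacking
    tautology = "x' OR '1'='1"             # stays inside one statement
    results = {}
    try:
        lookup_concat(db, stacked)
        results["stacked_rejected"] = False
    except (sqlite3.Warning, sqlite3.Error):
        # execute() refuses text containing more than one statement.
        results["stacked_rejected"] = True
    results["table_survived"] = table_exists(db)
    # No stacking needed: the WHERE clause itself is rewritten.
    results["concat_tautology"] = lookup_concat(db, tautology)
    # Bound parameters treat both inputs as odd-looking names.
    results["param_tautology"] = lookup_param(db, tautology)
    results["param_stacked"] = lookup_param(db, stacked)
    return results

if __name__ == "__main__":
    for key, value in run_checks().items():
        print(key, "=", value)
```
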