This is for the web application developers out there who have not heard about the SQL Injection attack. I am sure most of you would already be familiar with these types of attacks; however, I thought I might post some information I have so it might be useful for people who have not heard about it.
There are four types of SQL Injection attacks.
A simple example of SQL manipulation involves the login page found in most applications.
Most of the time, the back-end SQL will be something like this:
"SELECT * FROM users WHERE username = '" + loginName + "' and PASSWORD = '"+ password + "'"
where loginName and password are String variables.
In the login form, the user can enter
Administrator for the Login Name and 123' or 'a' = 'a for the password field and gain access to the system if proper defenses are not in place against this attack. When these are typed, the resulting SQL will look like
SELECT * FROM users WHERE username = 'Administrator' and PASSWORD = '123' or 'a' = 'a'
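The following is an added example, not code from the original post: it runs the concatenated query above against a parameterized version of the same lookup, so the difference in what the database returns is visible. It assumes Python's built-in sqlite3 module and a constructed in-memory users table; the function names and stored passwords are made up for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the page's "users" table.
    # Plaintext passwords only mirror the page's query; real systems store hashes.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("Administrator", "S3cret!"), ("alice", "wonderland")],
    )
    return conn

def login_concatenated(conn, login_name, password):
    # Same construction as the page's query: input becomes part of the SQL text.
    sql = ("SELECT * FROM users WHERE username = '" + login_name +
           "' and PASSWORD = '" + password + "'")
    # AND binds tighter than OR, so the WHERE clause is parsed as
    #   (username = ... AND password = '123') OR 'a' = 'a'
    # and the second operand is true for every row in the table.
    return conn.execute(sql).fetchall()

def login_parameterized(conn, login_name, password):
    # Placeholders send the values separately from the statement, so a quote
    # inside the input is compared as a literal character, never parsed as SQL.
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (login_name, password)).fetchall()

if __name__ == "__main__":
    conn = make_db()
    crafted = "123' or 'a' = 'a"  # the password-field input quoted on the page
    print("concatenated :", login_concatenated(conn, "Administrator", crafted))
    print("parameterized:", login_parameterized(conn, "Administrator", crafted))
    print("valid login  :", login_parameterized(conn, "Administrator", "S3cret!"))
```

The concatenated version returns every row in the table, while the parameterized version returns no rows for the same input and exactly one row for the correct password.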