Wednesday, February 4, 2009

Comprehensive information about SQL Injection

SQL Injection is the most commonly used database attack on the Internet. The best place to get to know the problem is the SQL Injection and PHP article. It is my old article, written about 4 years ago and published on the blog about a year ago. It is about inserting SQL commands into a SQL query. Many websites are exposed to SQL injection attacks, but their administrators and owners don't know it. Almost every day I hear about new vulnerabilities. The article covers the basics of SQL Injection.

I have been working as a web developer and security tester for a long time. I have seen a lot of web sites that have SQL Injection errors. The vulnerability has been known for a long time. The most horrible thing is that web developers still make errors in their scripts. The source of the errors is the human factor and lack of knowledge.

To avoid the human factor I use automatic checking software. An automatic test can't give a 100% guarantee; nothing can. A good automatic test does save you time, though. Check your scripts with the automatic test before uploading them to a test system. Use a manual test of the changed files as an additional inspection.
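As an added illustration of what such an automatic check does (this is example code written for this post, not the author's tool or any real scanner), here is a small heuristic that scans PHP source for query text built from variables. The PHP snippet it scans is constructed for the example; the patterns are assumptions about typical mysql_query/mysqli/PDO usage, and a real scanner would parse the code rather than match lines.

```python
import re

# Heuristic patterns (assumption: line-based, not a PHP parser).
QUERY_CALL = re.compile(r'(?:\bmysql_query|\bmysqli_query|->query|->exec)\s*\(')
SQL_ASSIGN = re.compile(r'\$\w*(sql|query)\w*\s*=', re.I)       # $sql = ...
INTERPOLATED_VAR = re.compile(r'"[^"]*\$\w+[^"]*"')             # "... $id ..."
CONCAT_VAR = re.compile(r'''["'][^"']*["']\s*\.\s*\$\w+''')     # '...' . $id
PARAM_API = re.compile(r'->(prepare|bind_param|bindValue|execute)\s*\(')

def scan_php_source(text):
    """Return (line number, line) pairs where SQL text is built from a variable.

    A line using a prepared-statement API is skipped; a line that either
    assigns to a $sql/$query variable or calls a query function, and splices a
    variable into a string literal, is reported for manual review.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if PARAM_API.search(line):
            continue
        builds_query = QUERY_CALL.search(line) or SQL_ASSIGN.search(line)
        splices_var = INTERPOLATED_VAR.search(line) or CONCAT_VAR.search(line)
        if builds_query and splices_var:
            findings.append((lineno, line.strip()))
    return findings

# Constructed PHP sample: two flawed queries, one prepared statement, one
# constant query with no user data.
SAMPLE_PHP = """\
<?php
$id = $_GET['id'];
$sql = "SELECT * FROM users WHERE id = $id";
$result = mysql_query($sql);
$name = $_POST['name'];
mysql_query("SELECT * FROM users WHERE name = '" . $name . "'");
$stmt = $pdo->prepare("SELECT * FROM users WHERE id = ?");
$stmt->execute([$id]);
$safe = mysqli_query($conn, "SELECT COUNT(*) FROM users");
"""

if __name__ == "__main__":
    for lineno, line in scan_php_source(SAMPLE_PHP):
        print(f"line {lineno}: {line}")
```

On the sample it reports lines 3 and 6 and stays quiet on the prepared statement and the constant query. As the post says, this is a time saver and not a guarantee: a query assembled across several lines or in a helper function slips past a line-based check, which is exactly why the manual test of changed files still matters.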

A real example of a SQL Injection vulnerability may be found in the Critical SQL Injection article. The vulnerability on the Berkeley server was quite critical. The attacker could discover the server's usernames (by viewing the /etc/passwd system file) and open any file in the system directories. The article shows how to use the LOAD_FILE function to load a file's content into a web page through the SQL Injection error, and gives an example of a manual test for the SQL Injection error.
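To make the mechanism concrete, here is an added example (not code from this post or from the articles it links) of the flaw behind both stories above: a query string assembled from a request value, next to the parameterized form that fixes it. It uses Python's sqlite3 module standing in for a MySQL/PHP stack, with a small constructed users table; the function names and the sample rows are assumptions for the example.

```python
import sqlite3

def make_db():
    # Constructed in-memory table standing in for a real users table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    conn.commit()
    return conn

def lookup_vulnerable(conn, name):
    # The request value is pasted into the statement text. A quote character
    # in it ends the string literal, so the rest of the value is parsed as SQL.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, name):
    # Placeholder binding: the value travels separately from the statement
    # text and is never parsed as SQL, whatever characters it contains.
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()

def query_breaks(conn, name):
    # True when the concatenated statement no longer parses, e.g. for a name
    # containing a single quote such as O'Brien. That database error is the
    # symptom a manual test looks for, and why it must never reach the client.
    try:
        lookup_vulnerable(conn, name)
        return False
    except sqlite3.Error:
        return True

if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, "bob"))            # one row, as intended
    print(lookup_safe(db, "bob"))                  # same row
    # Constructed input: a quote that closes the literal, with a tautology behind it.
    print(lookup_vulnerable(db, "x' OR 'a'='a"))   # every row comes back
    print(lookup_safe(db, "x' OR 'a'='a"))         # no row has that literal name
    print(query_breaks(db, "O'Brien"))             # True: the statement is malformed
```

The same change applies in PHP with mysqli prepared statements or PDO placeholders. Two further points follow from the Berkeley case: LOAD_FILE() in MySQL only works for an account that holds the FILE privilege, so the account a web application connects with should not have it; and database error messages should be logged on the server, not rendered into the page, since the broken query in `query_breaks` is what tells an attacker the input reached the SQL parser.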
