SQL Injection through HTTP Headers

RSS

Follow @dggreenbaum

Apr 4

SQL Injection through HTTP Headers

One of the comments:

Cool, but it all assumes the lame way of creating SQL queries by inserting variables using string concatenation. If you have a proper SQL connector (for example Perl DBI) it supports SQL placeholders which imply handling of variable quoting by the SQL server itself, effectively preventing injections.

Response:

Interesting article, though like f055 mentioned it assumes SQL queries are done by variables through string concatenation. That does however not really imply that the universal effectiveness would be low.

Posted 1 year ago

Comments

sysadmin,

Blog comments powered by Disqus

Posts I Like

Photo via gunshowcomic

never have we blown the doors off the 4th wall this much, too much, oh my g

So much work to do all month. Whew, whew whew!!!!! Then TCAF next...

Photo via gunshowcomic
Post via inkdgamer

So today I learnt...
- Mordekaiser is a huge bag of dicks (Direct Quote)
- I am awesome at landing Blitzcranks grabs
- Landing a Blitz grab on a Darius...
Post via inkdgamer
Photoset via gallantgambler

Ivan Tao

Photoset via gallantgambler
Photo via did-you-kno

did-you-kno:

Source

Photo via did-you-kno
Post via agnosticviking

pizzaforpresident:

OH MY GOD

My boss just texted me asking to come into work at 4:30 in the morning and I threw my phone down and was like...

Post via agnosticviking

Doug Greenbaum

SQL Injection through HTTP Headers

Posts I Like

People I Follow