Anatomy of a SQL Injection Attack

Anatomy of a SQL Injection Attack 267

Posted by timothy on Friday February 26, 2010 @06:03AM from the the-alarm-you-trip-could-be-your-own dept.

Trailrunner7 writes "SQL injection has become perhaps the most widely used technique for compromising Web applications, thanks to both its relative simplicity and high success rate. It's not often that outsiders get a look at the way these attacks work, but a well-known researcher is providing just that. Rafal Los showed a skeptical group of executives just how quickly he could compromise one of their sites using SQL injection, and in the process found that the site had already been hacked and was serving the Zeus Trojan to visitors." Los's original blog post has more and better illustrations, too.

Anatomy of a SQL Injection Attack

This discussion has been archived. No new comments can be posted.

Search 267 Comments Log In/Create an Account

Comments Filter:

A cautionary tale' OR 1=1 (Score:5, Funny)

by kyz ( 225372 ) writes: on Friday February 26, 2010 @06:12AM (#31283086) Homepage

...for these modern times.

Obligatory xkcd (Score:4, Funny)

by tangent3 ( 449222 ) writes: on Friday February 26, 2010 @06:48AM (#31283236)

http://xkcd.com/327/ [xkcd.com]

Re:Obligatory xkcd (Score:5, Funny)

by Inda ( 580031 ) writes: <slash.20.inda@spamgourmet.com> on Friday February 26, 2010 @06:59AM (#31283292) Journal

Oh, oh, oh, please let it be Bobby DropTables, please, please.

Re:Obligatory xkcd (Score:1, Funny)

by Anonymous Coward writes: on Friday February 26, 2010 @07:36AM (#31283436)

Select TOP 1 as bestever from t_XKCD where id = thisone

Slash Dot Virus Sequel Injected in You (Score:5, Funny)

by h00manist ( 800926 ) writes: on Friday February 26, 2010 @08:45AM (#31283760) Journal

You can't stop reading slashdot. Full of nonsensensical arguments, but you read on, your brain oozes, your eyes are red, dry and hurt. Still, you read on, and participate in the debate. You don't recognize your odd behavior. There's a sequel reply injected into your brain. It's a slash dot sequel brain virus injection. There's no cleaning utility, you will need to reformat your brain.

Re:Lemme be the first to say (Score:4, Funny)

by pooh666 ( 624584 ) writes: on Friday February 26, 2010 @09:42AM (#31284216)

I remember that Perl was not too good for web programming. It was unstable in a sense that variables sometimes got strange values inexplicably.
Perhaps less(or more) drinking would help?

Re:Use a persistence library (Score:3, Funny)

by TheSunborn ( 68004 ) writes: <mtilsted.gmail@com> on Friday February 26, 2010 @10:03AM (#31284418)

IT's very simple. Don't use any of the mysql_* functions.
Use the PDO prepare function (http://dk2.php.net/manual/en/pdo.prepare.php) and remember newer to pass any input you got from the user directly into the string you give to prepare.
In most cases(99%) the string you give to the prepare function should really be constant and not depend on user input at all.

Re:Obligatory xkcd (Score:1, Funny)

by Anonymous Coward writes: on Friday February 26, 2010 @12:14PM (#31285944)

You win.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Anatomy of a SQL Injection Attack 267

Anatomy of a SQL Injection Attack More Login

Anatomy of a SQL Injection Attack

A cautionary tale' OR 1=1 (Score:5, Funny)

Obligatory xkcd (Score:4, Funny)

Re:Obligatory xkcd (Score:5, Funny)

Re:Obligatory xkcd (Score:1, Funny)

Slash Dot Virus Sequel Injected in You (Score:5, Funny)

Re:Lemme be the first to say (Score:4, Funny)

Re:Use a persistence library (Score:3, Funny)

Re:Obligatory xkcd (Score:1, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot