Pantek Library

Hosting Provided By

CybrHost

High Speed Hosting

Re: SQL Injection Basics

From: Nick Jacobsen <nick(at)ethicsdesign.com>
Date: Mon Feb 10 2003 - 16:37:35 EST

Right, I wasn't thinking too well... makes sense. Though, according to quite a few SQL injection faqs I have read, it said that you could only inject code if the developer used tick marks. However, I just recently used SQL injection on some code where the developer used NO tick marks, but injection still worked if the injection string contained TWO tick marks. Was this just a fluke, or is it something that the faqs had wrong?

Nick J.
nick@ethicsdesign.com

Original Message ----- From: "Dennis Hurst" <dhurst@spidynamics.com> To: "'Nick Jacobsen'" <nick@ethicsdesign.com> Cc: <webappsec@securityfocus.com> Sent: Monday, February 10, 2003 8:59 AM Subject: RE: SQL Injection Basics

> Nick,
Received on Mon Feb 10 16:57:34 2003

This message: [ Message body ]
Next message: Dave Aitel: "Re: SQL Injection Basics"
In reply to Dennis Hurst: "RE: SQL Injection Basics"
Next in thread: Dave Aitel: "Re: SQL Injection Basics"
Reply: Dave Aitel: "Re: SQL Injection Basics"
Reply: Dennis Hurst: "RE: SQL Injection Basics"
Reply: Taco Fleur: "Re: SQL Injection Basics"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:48 EDT

Contact Us Legal Notices Order Services Online
Pantek Home Privacy Policy IT news Site Map Pantek Library