SQL Injection

inaki · 06-04-2007, 02:33 AM

Hi all, i've try SQL injection which is input is '--. But the question is, How do we determine that SQL injection is success. It is because the response is "HTTP/1.0 500 Internal Server Error".

TQ

acid_kewpie · 06-04-2007, 03:05 AM

well it totally depends on the form of attack... could be all sorts of responses. and of course we do not advocate doing any of this, and will not actively help you learn these sorts of techniques.

inaki · 06-04-2007, 04:27 AM

If i'm not learned and somebody doesn't want to guide me, how can i understand and defending my web system.

jschiwal · 06-04-2007, 04:41 AM

The MySQL manual has a chapter called "General Security Guidelines" with a checklist of things to avoid.

acid_kewpie · 06-04-2007, 06:15 AM

Quote:

Originally Posted by inaki

If i'm not learned and somebody doesn't want to guide me, how can i understand and defending my web system.

i gave you your answer... it could be anything. sql injection is a way to make an sql database do something the original connection wasn't confgured to do. there's hundreds of different things this could lead to... system corruptiong, information disclosure etc... there's no one way to know if it worked without knowing what the actual injection exploit is.

inaki · 06-04-2007, 06:22 AM

Thank you for an advise. i am sorry if anybody got hurts on my sentence.

msantinho · 06-04-2007, 06:42 AM

Possible answers are:
1. always escape strings you use to fetch records from database
2. trust users, don't trust on what they type

For example:
what could happen if you have a page wich displays information based on an ID?

Code:

$sql = "SELECT * FROM table WHERE idrecord = $id_passed_from_post_or_get;";

Now, imagine some user tries to access this page with:

Code:

http://www.example.com/index.php?id=unexpected_sql_statement_here

With that sql statement, _anything_ can happen to your server.

Oh, by the way, for your "HTTP/1.0 500 Internal Server Error" check the server logs. Probably you will see an SQL error there.

Miguel