Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: ASP/PHP SQL Injection

from [coder] Network Security [Permanent Link]
Subject: Re: ASP/PHP SQL Injection
Date: Thu, 31 Aug 2006 19:58:32 +0100 
Cheers for your input validation tips guys... but I was actually asking how
one would _look_ for possible SQL injection attacks if one has the PHP/ASP
source code.

What I would like to know is:

1 $variable = get_value_from_url('variable')  // ie
blah.asp?variable="hello"
2 SQL = "SOME SQL" & $variable & "SOME MORE SQL"
or
3 <executing object (i.e. rs.open)> "SOME SQL" & $variable & "SOME MORE SQL"

Does one look for lines 2 or 3 in the source code? and does it have to look
like one of those 2 lines?
or are there other things to look for?

Also, what does one look for in the PHP/ASP source code to see if an XSS
attack is possible?

Cheers,

Davie Elliott

-----Original Message----

Hi all,

I have been reading quite a bit into SQL injections and I just wondered if
my thinking is correct:

If one has the ASP or PHP source code for a site, they would just look for-

(written in a pseudo-ish code as I assume the same principles exist for ASP
and PHP)

$variable = get_value_from_url('variable')  // ie blah.asp?variable="hello"

SQL = "SOME SQL" & $variable & "SOME MORE SQL"
or
<executing object (i.e. rs.open)> "SOME SQL" & $variable & "SOME MORE SQL"

When looking for potential SQL Injection attacks, its one of the 2 SQL lines
one would look for... is that correct? And to stop SQL Injection attacks,
one only has to "sanitise" the variable with CLng()  in the case of numeric
fields and in the case of alphanumeric fields a built-in PHP/ASP/MySQL
function can be used.

Also, assuming my thinking above is correct, what does one look for when
checking for possible XSS attack?

Thanks for your input,

Davie Elliott



---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: ASP/PHP SQL Injection, Andrew Kane
Next by Date:  Re: Risk Ranking..., Woods_Beau
Previous by Thread:  Re: ASP/PHP SQL Injection, pratiksha . doshi
Next by Thread:  Visa PCI, lists@infostruct.net
Indexes:  [Date] [Thread] [Top] [All Lists]