Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [WEB SECURITY] Re: SQL In the Request

from [Nish Bhalla] Network Security [Permanent Link]
Subject: RE: [WEB SECURITY] Re: SQL In the Request
Date: Thu, 5 Oct 2006 13:26:16 -0400 
Well funny thing is that I have seen a couple of seminar sites titled
"Security for Developers" and one other Computer Security Conferences
website that are vulnerable to the exact same SQL Injection vulnerability. I
am surprized how people hold conferences on security and don't even do basic
security checks.

Nish.

 
-----Original Message-----
From: Erez Metula [mailto:erezmetula@2bsecure.co.il] 
Sent: Thursday, October 05, 2006 1:01 PM
To: Ory Segal; bryan allott; webappsec@securityfocus.com;
websecurity@webappsec.org
Subject: RE: [WEB SECURITY] Re: SQL In the Request

Just to add another dumb example from real life, I did an application
assessment a couple of months ago that had a page like this:

http://AppName/QueryDB.jsp?sql=sql_query

it can't be worse than that..

________________________________


Erez Metula, CISSP    
Application Security Department Manager
Security Software Engineer
E-Mail:  erezmetula@2bsecure.co.il      Mobile:  972-54-2108830
Office: 972-39007530     
 

-----Original Message-----
From: Ory Segal [mailto:osegal@watchfire.com]
Sent: Thursday, October 05, 2006 6:38 PM
To: bryan allott; webappsec@securityfocus.com; websecurity@webappsec.org
Subject: RE: [WEB SECURITY] Re: SQL In the Request

Hi,

I actually saw this kind of blasphemy several years ago -- an application
that builds a SQL query using client-side JavaScript. The complete SQL query
was then passed as a hidden parameter to the web application...

Go figure...

-Ory Segal
http://www.watchfire.com
  


-----Original Message-----
From: bryan allott [mailto:homegrown@bryanallott.net]
Sent: Thursday, October 05, 2006 5:35 PM
To: webappsec@securityfocus.com; websecurity@webappsec.org
Subject: [WEB SECURITY] Re: SQL In the Request


Just when i thought i had seen it all... -i come across a site which
passes in the following as part of the REQUEST..
yes, the SWF builds a request and sends it through to a php server... in
plain text.

POST /flashsql.php?id=106 HTTP/1.1

= QUERYSTRING ====
 id=106

= BODY ====
 host=<HOSTNAME>
 sql_=SELECT DISTINCT(movies.id), movies.name, filename FROM movies LEFT
JOIN groups_movies ON (movies.id = groups_movies.movie_id) LEFT JOIN
groups ON (groups.id = groups_movies.group_id) LEFT JOIN files_groups ON
(groups.id = files_groups.group_id) LEFT JOIN files ON (files.id =
files_groups.file_id) WHERE movies.id IN(155,150,52,149,134,133,76) AND
files.file_type_id=9 ORDER BY movies.id
 dat=sk_cms

is there anyway that this can be "acceptable" ? 





------------------------------------------------------------------------
----
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



------------------------------------------------------------------------
----
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]


----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire has new programs available for pen testers and consultants to 
use AppScan in client engagements. AppScan is the leading Web application 
assessment tool. Want to see it for yourself? Take a look today!

https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YSz
--------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [WEB SECURITY] Re: SQL In the Request, bugtraq
Next by Date:  [Full-disclosure] JavaScript Spider (code that can traverse the web), pdp (architect)
Previous by Thread:  RE: [WEB SECURITY] Re: SQL In the Request, Erez Metula
Next by Thread:  Re: [WEB SECURITY] Re: SQL In the Request, bugtraq
Indexes:  [Date] [Thread] [Top] [All Lists]