July 10, 2008

SQL Injection Tip

Hope everyone is aware of SQL Injection attacks. For people who are new, it is something about intruding in to your SQL Server (DB) by passing some commands through a request.

If the following (0x73656C656374206E616D652066726F6D207379732E6461746162617365733B) value is passed to the SQL Query, it will list all the DBs on the server. Something interesting. So whenever you get a request, check for it.

No comments: