We wanted to see what the effects of a SQL injection attack were on a simple system (of which there are tens of thousands out there), and Alan (www.astirling.com) designed a very simple logon system running on a local virtual machine to have a go at.
As we had suspected, if adequate measures were not taken it was remarkably simple to log in fully using a very basic attack, simply by putting:
a' or 1=1 or 'a
into both the username and password boxes!
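Why that string works, and what stops it, shown as an added example (this is not the code of the logon system described above). The query shape, the `users` table, the sample account and the function names are assumptions, and SQLite stands in for whatever database the test system used.

```python
import hashlib
import hmac
import os
import sqlite3

PAYLOAD = "a' or 1=1 or 'a"  # the string quoted in the post

def _kdf(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash so the hardened path never compares plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db() -> sqlite3.Connection:
    """Constructed sample data: one user; plaintext column exists only for the weak path."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY,"
               " password TEXT, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               ("alice", "sample-pass", salt, _kdf("sample-pass", salt)))
    return db

def login_concatenated(db, username: str, password: str) -> bool:
    """Weak form (assumed): user input is pasted into the SQL text."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    # With PAYLOAD in both fields the WHERE clause contains "or 1=1",
    # so it is true for every row regardless of the stored values.
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username: str, password: str) -> bool:
    """Hardened form: input is bound as data and never parsed as SQL."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    salt, pw_hash = row
    return hmac.compare_digest(_kdf(password, salt), pw_hash)

if __name__ == "__main__":
    db = make_db()
    for fn in (login_concatenated, login_parameterized):
        print(fn.__name__,
              "valid:", fn(db, "alice", "sample-pass"),
              "payload:", fn(db, PAYLOAD, PAYLOAD))
```

Both functions accept the valid credentials; only the concatenated one accepts the quoted string, because the bound parameter is compared as a literal username that does not exist.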
Keep your systems secure and remember to test your login system to destruction! Read all about how the username / password is not necessarily the downfall of a system; it is the 'email me my password' functionality!! http://www.unixwiz.net/techtips/sql-injection.html