SQL Injection attack

We wanted to see what the effects of an SQL Injection attack were on a simple system (of which there are tens of thousands out there), and Alan (www.astirling.com) designed a very simple logon system running on a local virtual machine to have a go at.

As we had suspected, if adequate measures were not taken it was remarkably simple to log in fully by using a very basic attack, simply putting:

a' or 1=1 or 'a

into both the username and password boxes!

Keep your systems secure and remember to test your login system to destruction!

Read all about how the username / password is not necessarily the downfall of a system, it is the 'email me my password' functionality!! http://www.unixwiz.net/techtips/sql-injection.html

Resources
http://en.wikipedia.org/wiki/SQL_injection
