SQL Injection: SQL Injection Keywords

Thursday, November 6, 2008

SQL Injection Keywords

Here is a list of keywords that are sent via web URL to infect application Database:

exec (Use to exec the cursor which is encrypted in the URL)
execute (Same functionality as exec)
varchar (Text variable declaration type)
char (Text variable declaration type)
; (Semicolon is used to terminate an Sql statement)
-- (Database comments)
declare (use to declare a cursor in DB)

No comments:

Introduction

The risk of SQL injection exploits is on the rise because of automated tools. In the past, the danger was somewhat limited because an exploit had to be carried out manually: an attacker had to actually type their SQL statement into a text box. However, automated SQL injection programs are now available, and as a result, both the likelihood and the potential damage of an exploit has increased enormously

The automation of SQL injection gives rise to the possibility of a SQL injection worm, which is very possible. An estimated 60% of Web applications that use dynamic content are vulnerable to SQL injection.

According to security experts, the reason that SQL injection and many other exploits, such as cross-site scripting, are possible is that security is not sufficiently emphasized in development. To protect the integrity of Web sites and applications, experts recommend simple precautions during development such as controlling the types and numbers of characters accepted by input boxes.

SQL Injection

Thursday, November 6, 2008

SQL Injection Keywords

No comments:

Introduction

Blog Archive

Subscribe To Sql Injection Blog