Monday, September 22, 2008

SQL Injection? No, I don't like needles, thanks.

Okay, so I like to read a lot. Like.. a lot. So I was reading Advanced SQL Injection In SQL Server Applications about a week after I read Google Hacks. The little lightbulb went off. Could it really be that easy? Could it?

In less time than it took to write this post, google (inurl:select inurl:where inurl:from) gave me 460 pages of results. About 20% or so look vulnerable to injection attack. A slightly modified query gives 496 matches for unprotected, non-passworded, wide open hey-look-it-is-Christmas phpMyAdmin sites.

O
M
G

I had to get that out of my system. I'm better now.

-Ellie

No comments: