Every now and then you will hear how some site uses a blacklist to ‘protect’ itself against SQL injection. Using a blacklist is very foolish because you can never think of all the different ways that the bad guys will try to bypass your little…
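To make the point concrete, here is an added example (not code from the original post or from Less Than Dot): a naive token blacklist in front of a string-concatenated query, beside the same lookup done with a bound parameter. The table, the blacklist contents and the input strings are constructed for the demo; SQLite is used only because it ships with Python and accepts the same `/**/` comment trick that most SQL dialects do.

```python
import sqlite3

# A typical home-grown blacklist: reject input containing "known bad" tokens.
# (Constructed for this example; real blacklists differ but share the flaw.)
BLACKLIST = ["'", "--", ";", " or ", " union ", "select"]


def blacklist_allows(value: str) -> bool:
    """Return True if the naive blacklist would let the value through."""
    lowered = value.lower()
    return not any(bad in lowered for bad in BLACKLIST)


def setup_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", 0), (2, "bob", 0), (3, "root", 1)],
    )
    return conn


def lookup_blacklisted(conn: sqlite3.Connection, user_id: str):
    """Vulnerable: concatenates the value into SQL, guarded only by the blacklist.

    Returns None when the blacklist blocks the input, else the matching names.
    """
    if not blacklist_allows(user_id):
        return None
    sql = "SELECT name FROM users WHERE id = " + user_id
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, user_id: str):
    """Hardened: the value is bound as a parameter and never parsed as SQL."""
    rows = conn.execute("SELECT name FROM users WHERE id = ?", (user_id,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = setup_db()
    obvious = "1 OR 1=1"            # contains " or " -> blacklist catches it
    bypass = "1/**/OR/**/1=1"       # comments replace the spaces -> slips through
    print("blacklist, obvious payload :", lookup_blacklisted(db, obvious))
    print("blacklist, comment bypass  :", lookup_blacklisted(db, bypass))
    print("parameterized, same bypass :", lookup_parameterized(db, bypass))
    print("parameterized, honest input:", lookup_parameterized(db, "1"))
```

The blacklist stops `1 OR 1=1` only because it happens to contain a space-delimited `or`; replacing the spaces with empty comments gives the parser the identical query and dumps every row, including the admin account. The parameterized version returns nothing for the payload and the right row for `1`, because the database never treats the bound value as SQL at all; that is the fix, not a longer blacklist.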
Less Than Dot is a community of passionate IT professionals and enthusiasts dedicated to sharing technical knowledge, experience, and assistance. Inside you will find reference materials, interesting technical discussions, and expert tips and commentary.
Browsing "sql injection"
There is a nice SQL Injection Pocket Reference up on Google Docs.
Here is what is covered:
Comment Out Query
In a login
We all know that Kaspersky is a security firm and they make a very nice product; you can see a list of their products here: http://www.kaspersky.com/ What I found out today on Twitter is that their site got hacked by a SQL Injection attack. The tool that was used was the Acunetix Web Security Scanner. […]
There is code available to take advantage of the sp_replwritetovarbin heap overflow bug. In a default configuration, the sp_replwritetovarbin stored procedure is accessible by anyone. To disable this proc you can run the following as an admin on the box. Before disabling this proc, read BradC’s comment so that you do not break replication. execute […]