Hi,
Fletcher Mattox wrote:
> We were recently the target of an SQL injection, so I am trying to
> determine if they were successful. I have recovered the SQL commands
> from mysqld.log, but the code has me stumped.
> INSERT INTO queries (file,id) VALUES ('labs.php','4 OR 0 IN (SELECT TOP 1
> CHAR(60)
It looks to me that they are trying to plant a query into your queries
file. What type is column 'id'? I am guessing that they (think they)
have found a vulnerability where running a web app (prob 'labs.php')
after this injection has taken place, the resulting query might get
executed...
how ma
www.securityfocus.com ran a three-part article,
http://www.securityfocus.com/infocus/1722, that discussed SQL Injections and
MySQL.
-Original Message-
From: Tony Thomas [mailto:[EMAIL PROTECTED]
Sent: Sunday, September 28, 2003 11:36 PM
To: [EMAIL PROTECTED]
Subject: SQL Injection
Hi All
In the last episode (Sep 28), Tony Thomas said:
> I've been hearing a bit about SQL injection lately, but the only
> documentation I can find refers to Microsoft or Oracle. Anyone know
> of good articles about injection in MySQL? Prevention? Detection? Is
> MySQL less vulnerable?
I would guess tha