- Podcast on Marketing/Branding for Geeks
- Lugradio Live 2008
- Using SOAP and XmlRpc with PHP5 (a newbies findings)
- Thunder, Lightening and the disgust of ISP technical support!
- An assortment of pictures
- New Office (again)
- New Blog
- RIP Bicycle (Ridgeback Supernova)
- RIP Cassie
- A simple tale of SQL Injection .....
Recent blog posts
Who's online
There are currently 1 user and 19 guests online.
Online users
- David Goodwin
Recent comments
- lol
1 day 23 hours ago - correct
2 days 20 hours ago - mrBen will never live this down
4 days 19 hours ago - and then, there is
5 days 16 hours ago - oh, and i should add...
5 days 16 hours ago - In my case en_US was noted
1 week 2 hours ago - nuSoap - use of...
1 week 1 day ago - SASL authentication failure: cannot connect to saslauthd server:
1 week 1 day ago - nuSoap - I did have a look
1 week 1 day ago - Rest-ing
1 week 1 day ago
Syndicate
A simple tale of SQL Injection .....
Fri, 16/05/2008 - 21:24 — David Goodwin
Today, I was giving a one-on-one PHP training course covering databases (we were trying to get mssql to work with PHP on Windows, but various factors seemed to conspire against us - possibly permissions related, as it seemed to refuse to allow us to select from a table that fricking well did exist.). Anyway, the amusing story was.....
I have a habit of "probing" most web sites to see whether they're vulnerable to SQL injection - normally inserting a simple single quote into a URL will show one way or another. Unfortunately, for the delegate, he hadn't come across SQL Injection, but had written a website for his local village, in .asp.....
Cue login as "admin" with a password of "' OR '' = '".
Suffice to say, we then had a good laugh at the classic XKCD strip about poor Robert and he now knows how someone hacked into the site a few months ago.
Technorati Tags:
Comments
Post new comment