May 2009

22 May 2009

SQL Injection: A primer

About:
SQL injection is a query/code injection technique that exploits a vulnerability in the database layer of an application. The database back end can be Microsoft SQL Server, Oracle, or MySQL, i.e. any database that understands the Structured Query Language (SQL: http://en.wikipedia.org/wiki/SQL).
 
The vulnerability is present when user input is not properly filtered for string-literal escape characters. That input is usually used as a variable in constructing the SQL query that reaches the back end.
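
The condition described above, shown as an added example that is not part of the original article: a query built by string concatenation next to the same lookup with a bound parameter. It assumes an in-memory SQLite database as a stand-in for the back ends named above; the table, the function names and the sample rows are hypothetical and constructed for illustration.

```python
import sqlite3

# Constructed sample data; the table and function names are hypothetical.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("alice",), ("O'Brien",)])
    return db

def build_concat_query(name):
    # Vulnerable pattern: the input is pasted inside the string literal,
    # so a quote character in it ends the literal early.
    return "SELECT id FROM users WHERE name = '" + name + "'"

def lookup_concat(db, name):
    """Return matching ids, or the parser error the input provoked."""
    try:
        return [r[0] for r in db.execute(build_concat_query(name))]
    except sqlite3.OperationalError as exc:
        return "error: " + str(exc)

def lookup_param(db, name):
    # Hardened pattern: the statement text is fixed and the input is bound
    # as a value, so it is never parsed as SQL.
    return [r[0] for r in db.execute(
        "SELECT id FROM users WHERE name = ?", (name,))]

if __name__ == "__main__":
    db = make_db()
    for name in ("alice", "O'Brien"):
        print(repr(name), "->", build_concat_query(name))
        print("  concatenated: ", lookup_concat(db, name))
        print("  parameterized:", lookup_param(db, name))
```

An ordinary surname with an apostrophe is enough to change how the concatenated statement is parsed, which makes unexpected SQL syntax errors on user-supplied values a useful signal to look for in application logs.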
