Security Information and Review

Collection of security information and review

Posts Tagged 'SQL Injection'

CubeCart SQL Injection Vulnerability

Author : Admin

The latest vulnerabilities has been reported in CubeCart. With this vulnerability, an attacker can exploit CubeCart to manipulate and inject SQL queries. This vulnerability is caused input validation error in “includes/content/” when processing the productId parameter. This issue is not going to happen if input passed to the productId parameter is properly sanitized before being used in SQL queries. This vulnerability is reported by sangteamtham and it’s confirmed in version 4.3.6 and prior versions may also be affected. … continue reading : CubeCart SQL Injection Vulnerability.

20 November 2009 at 06:58 - Comments

How to prevent SQL Injection Attacks

Author : Admin

This article will show a number of ways to protect web application from SQL Injection Attacks. SQL Injection attacks occur when an application uses input from user that has not been check to see that it’s valid text. So, SQL Injection attacks take advantage of code that does not filter input that is being entered user directly into a form and application that take direct user input then generate SQL Command that execute via back end code. SQL Injection Attacks of web application events that occur most frequently is login form that accepts user name and password as authentication of system. … continue reading : How to prevent SQL Injection Attacks.

28 May 2009 at 13:16 - Comments

SQL Injection Attacks and SQL Server Security

Author : Admin

SQL Injection is a tehnique to manipulate of SQL Command that exploit SQL Server vulnerability of web application layer. This is the SQL Server security to be considered by many programmers and administrators. This vulnerability occurred if user insert text in form of web application. This form of SQL Injection occurs when user input is not filtered for escape characters and is then passed into an SQL Statement. Example, form login of web application as authentication to enter to system with user name and password is required. Field user name and password will make SQL Query to the database to check if a user name has valid name and password. Example SQL Injection in PHP in form login of the POST or GET methode, with a table user.
… continue reading : SQL Injection Attacks and SQL Server Security.

28 May 2009 at 00:14 - Comments