SQL Injection – A Quick Overview
One of the most common attacks today is called a “SQL Injection” attack. SQL injection attacks are most common against hastily or sloppily written GUI interfaces. It’s also the reason that a good database uses things like stored procedures, though that’s hardly a protection.
Let’s execute a basic injection attack: When you’re filling out some form with, let’s say a search for products, enter the data in the search field like this:
RAM' OR '1=1
See… what happens is that when the program reads the input string, let’s say just RAM, and drops it into the query, it ends up looking like this:
SELECT * FROM products WHERE name LIKE '%RAM%'
or something. So then with our bad product search it looks more like this:
SELECT * FROM products WHERE name LIKE '%RAM%' OR 1=1
And since 1 always equals 1, then you see all products. And if you do – then you’ve got a system to work with.
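The product search above, as an added example that is not code from the original post: the same input is run through a string-built query and through a parameterized one, using Python's standard-library sqlite3 module. The table, its rows and the function names are constructed for illustration.

```python
import sqlite3

PAYLOAD = "RAM' OR '1=1"  # the search-field input from the post

def make_db():
    """Build an in-memory products table (rows constructed for this example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT)")
    conn.executemany(
        "INSERT INTO products VALUES (?)",
        [("8GB RAM kit",), ("16GB RAM kit",), ("SSD drive",), ("Keyboard",)],
    )
    return conn

def search_concat(conn, term):
    """Vulnerable: the input becomes part of the SQL text itself."""
    # With PAYLOAD the statement reads: ... LIKE '%RAM' OR '1=1%'
    # SQLite casts the string '1=1%' to the number 1, so the OR is always true.
    sql = "SELECT name FROM products WHERE name LIKE '%" + term + "%'"
    return [row[0] for row in conn.execute(sql)]

def search_param(conn, term):
    """Hardened: the input is bound as data and never parsed as SQL."""
    # Escape LIKE wildcards so % and _ typed by the user match literally.
    literal = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT name FROM products WHERE name LIKE ? ESCAPE '\\'"
    return [row[0] for row in conn.execute(sql, ("%" + literal + "%",))]

if __name__ == "__main__":
    db = make_db()
    for label, fn in (("concatenated", search_concat), ("parameterized", search_param)):
        for term in ("RAM", PAYLOAD):
            print(f"{label:13} {term!r:16} -> {fn(db, term)}")
```

Both functions return the same two rows for a plain RAM search; only the concatenated one changes behaviour when the quote characters arrive, which is the difference to look for in code review.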