This article is written for publicizing of new SQL injection method about detour some web firewall or some security solution. I did test on a web firewall made in Korean, most SQL injection attack was hit, I will not reveal the maker for cutting its damage.
If we ask developers about the SQL injection attacks, the examples known to them are the most basic ones, like the ones existing in the login forms. However, the OWASP 2010 vulnerability list (http://www.owasp.org/images/0/0f/OWASP_T10_-_2010_rc1.pdf) clearly puts the injection vulnerabilities on the top. The SQL injection vulnerabilities may exist at anyplace in the applications where the interaction with the database is involved. Now, if you are a developer, you might need to exercise your mind, that where your application is interacting with the database, after reading this article hopefully.
| ArchivesAugust 2012 CategoriesAll |
RSS Feed