Example Sins

The following entries on the Common Vulnerabilities and Exposures (CVE) web site (http://cve.mitre.org) are examples of SQL injection. The CAN- prefix marks entries that were still candidates when this was written; the same identifiers are now listed as CVE-2004-0348 and CVE-2002-0554.

CAN-2004-0348

From the CVE description: SQL injection vulnerability in viewCart.asp in SpiderSales shopping cart software allows remote attackers to execute arbitrary SQL via the userId parameter.

Many scripts in the SpiderSales software don't validate the userId parameter, which can therefore be used to perform SQL injection attacks. Successful exploitation allows an attacker to gain access to the SpiderSales administrator interface and read any information from the store's database.

CAN-2002-0554

From the CVE description: IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request.

The Web DataBlade module for Informix dynamically generates HTML content from database data. A vulnerability was reported in some versions of Web DataBlade: it is possible to inject SQL commands into any page request processed by the module. This may result in the disclosure of sensitive information or increased access to the database.
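Both entries above are the same sin: a request parameter is pasted into a SQL string. The following is an added example, not code from the book or from SpiderSales; it models the viewCart.asp case in Python with an in-memory SQLite store (the real product was classic ASP) using a constructed two-user database, and shows the injected userId values an attacker would send alongside the parameterized fix. The table names, payloads and function names are assumptions made for the illustration.

```python
import sqlite3


def build_store():
    """Construct a small in-memory store database (sample data, not real)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)")
    conn.execute("CREATE TABLE cart (user_id INTEGER, item TEXT, price REAL)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", 0), (2, "bob", 0), (3, "admin", 1)])
    conn.executemany("INSERT INTO cart VALUES (?, ?, ?)",
                     [(1, "lamp", 19.99), (2, "chair", 149.00), (2, "desk", 299.00)])
    return conn


def view_cart_vulnerable(conn, user_id):
    """The sin: the raw userId request parameter becomes part of the SQL text."""
    sql = "SELECT user_id, item, price FROM cart WHERE user_id = " + user_id
    return conn.execute(sql).fetchall()


def view_cart_fixed(conn, user_id):
    """The fix: validate the type, then bind the value as a parameter.

    The value never touches the SQL grammar, so 'OR 1=1' or a UNION clause
    cannot change the query's meaning.
    """
    try:
        uid = int(user_id)
    except (TypeError, ValueError):
        raise ValueError("userId must be an integer")
    return conn.execute(
        "SELECT user_id, item, price FROM cart WHERE user_id = ?", (uid,)
    ).fetchall()


# Hypothetical attacker inputs for the userId parameter.
PAYLOAD_ALL_CARTS = "2 OR 1=1"                                   # every user's cart
PAYLOAD_DUMP_USERS = "0 UNION SELECT id, name, is_admin FROM users"  # read another table


if __name__ == "__main__":
    db = build_store()
    print("honest request:   ", view_cart_vulnerable(db, "2"))
    print("all carts:        ", view_cart_vulnerable(db, PAYLOAD_ALL_CARTS))
    print("user table dumped:", view_cart_vulnerable(db, PAYLOAD_DUMP_USERS))
    print("fixed, honest:    ", view_cart_fixed(db, "2"))
    try:
        view_cart_fixed(db, PAYLOAD_ALL_CARTS)
    except ValueError as err:
        print("fixed, attack:     rejected:", err)
```

The UNION payload is why the CVE text talks about reading "any information from the store's database": once the attacker controls the tail of the statement, any table the application's database login can read is reachable, not just the cart. Note also that parameterization alone does not stop a legitimately formatted `userId=3` from viewing another user's cart; the server must take the user identity from the session, not from the request, which is a separate authorization check.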



19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them
ISBN: 71626751
Year: 2003
Pages: 239

flylib.com © 2008-2017.