
Does this sound believable?

Monu Tripathi
Rancher

Joined: Oct 12, 2008
Posts: 1369

I like fiction, here is an attempt at writing one. It is not totally original, I heard a similar story from a friend who tests security of networks.

He was presented with a login page that required a username and password. He entered some text with special characters, etc. The query ran, generating a database exception. The exception was not caught and it appeared on the error page. He understood the database used. Perhaps the query was:


He got the syntax spec and looked at a few queries, and tried writing a query or two. He read about the WHERE clause. He started trying different strings as inputs. In the meantime, he learnt about the different exceptions that the DBMS could generate.

Then he entered the magic word in the password field: (X)* OR TRUE. The query ran again, not spitting an exception this time. He had broken into the system.


Let me know what you think.
Thanks!


Jaydeep Mazumdar
Greenhorn

Joined: Aug 26, 2009
Posts: 23
This is an example of a SQL injection attack!
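
The login flow from the story, as an added example that is not part of the original thread: a query built by string concatenation beside a parameterized one, plus the error text an uncaught exception would expose. It assumes Python with an in-memory SQLite database; the table, column and function names and all sample values are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data; table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    # Plaintext password only to mirror the story; real systems store a salted hash.
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def login_vulnerable(db, name, password):
    """Builds SQL by concatenation and lets database errors reach the caller."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_hardened(db, name, password):
    """Binds input as parameters and never shows database errors to the user."""
    try:
        row = db.execute(
            "SELECT name FROM users WHERE name = ? AND password = ?",
            (name, password)).fetchone()
    except sqlite3.Error:
        return False  # log server-side; the page shows only "login failed"
    return row is not None

def leaked_error(db, name, password):
    """Returns the error text an uncaught exception would put on the error page."""
    try:
        login_vulnerable(db, name, password)
    except sqlite3.Error as exc:
        return str(exc)
    return None

if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"  # constructed input of the kind the post describes
    print(leaked_error(db, "alice", "it's"))         # database syntax error leaks
    print(login_vulnerable(db, "alice", tautology))  # WHERE clause is always true
    print(login_hardened(db, "alice", tautology))    # input compared as a literal
    print(login_hardened(db, "alice", "s3cret"))     # genuine login still works
```
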
Monu Tripathi
Rancher

Joined: Oct 12, 2008
Posts: 1369

Oh!... then this is not fiction
Jaydeep Mazumdar
Greenhorn

Joined: Aug 26, 2009
Posts: 23
LOL: Check out this link for SQL Injection: http://en.wikipedia.org/wiki/SQL_injection
Naresh Bafna
Ranch Hand

Joined: Mar 23, 2007
Posts: 35
I can say this is no fiction, having worked on a project to fix this kind of vulnerability in a web application. It was fun and you would marvel at the way these hackers think and in turn make you think.

Not related here, but another thing we came across was the usage of profanity by hackers, and we had to write code to look for swear words in user inputs.


Jaydeep Mazumdar
Greenhorn

Joined: Aug 26, 2009
Posts: 23
Check out Web Goat! It provides a great way to learn about the various web application vulnerabilities.

http://code.google.com/p/webgoat/
Jesper de Jong
Java Cowboy
Saloon Keeper

Joined: Aug 16, 2005
Posts: 14432


http://xkcd.com/327/

