Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Does this sound believable?

 
Monu Tripathi
Rancher
Posts: 1369
1
Android Eclipse IDE Java
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I like fiction, here is an attempt at writing one. It is not totally original, I heard a similar story from a friend who tests security of networks.

He was presented with a login page that required username and password. He entered some text with special characters
etc. The query ran, generating a database exception. Exception was not caught and it appeared on the error page. He understood the database used. Perhaps the query was:


He got the syntax spec. and looked at few queries, tried writing a query or two. He read about the Where clause. He started trying different strings as inputs. In the meanwhile, he learnt about the different exceptions that DBMS could generate.

Then he entered the magic word in the password field: (X)* OR TRUE. The query ran again, not spitting an exception this time. He had broken into the system.


Let me know what you think.
Thanks!

 
Jaydeep Mazumdar
Greenhorn
Posts: 23
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This is an example of a SQL injection attack!
 
Monu Tripathi
Rancher
Posts: 1369
1
Android Eclipse IDE Java
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Oh!... then this is not fiction
 
Jaydeep Mazumdar
Greenhorn
Posts: 23
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
LOL: Check out this link for SQL Injection: http://en.wikipedia.org/wiki/SQL_injection
 
Naresh Bafna
Ranch Hand
Posts: 35
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I can say this is no fiction having worked in a project to fix these kind of vulnerabilities in a web application. It was fun and you would marvel at the way these hackers think and in turn make you think.

Not related here but another think we came across was the usage of profanity by hackers and had to write code to look for swear words in user inputs
 
Jaydeep Mazumdar
Greenhorn
Posts: 23
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Check out Web Goat! It provides a great way to learn about the various web application vulnarabilities.

http://code.google.com/p/webgoat/
 
Jesper de Jong
Java Cowboy
Saloon Keeper
Pie
Posts: 15150
31
Android IntelliJ IDE Java Scala Spring
 
Monu Tripathi
Rancher
Posts: 1369
1
Android Eclipse IDE Java
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic