| || |
SQL Injection Errors
I found a link to an interesting paper describing SQL Injection attacks. This article describes how certain SQL statements can be entered through a web form to gain access to table names and manipulate data.
In our company we develop client server applications that will run over an Oracle or a SQL Server database. I have noticed that these errors will occur on a login window over MS SQL Server when the user ID is a character field.
I hope someone else will find this information useful.
Re: SQL Injection Errors
Interesting article. Thanks!
Beyond altering the code with SQL injection attacks, security testers should know that bad input and unauthorized queries can be run through parameter tampering, by changing the information in the URL.