The online community for software testing & quality assurance professionals
 
 
Mash_V
Member


Reged: 11/26/07
Posts: 148
SQL Injection via URL
      #717800 - 10/10/12 03:22 AM

I read an article about SQL injection on URLs / URL manipulation.

Refer: http://www.imperva.com/resources/glossary/sql_injection.html

Near the end section of the above page, the person suggests an example with a SELECT query.

What I am unable to find is the place where I would get the SELECT query result. Would it be in the source code, or in the HTTP request's response?

--------------------
-Mash


Joe Strazzere
Moderator


Reged: 05/15/00
Posts: 12344
Loc: Massachusetts, USA
Re: SQL Injection via URL [Re: Mash_V]
      #717806 - 10/10/12 03:45 AM

It depends on your application. You might see a result in both the page source and the HTTP response.

For some applications you wouldn't see the query result in your browser at all. One of the examples they use:

http://www.mydomain.com/products/products.asp?productid=123; DROP TABLE Products

might not return anything, yet would be malicious anyway. Your Products table would be gone. Who knows what you might see as a response...

--------------------
- Joe
Visit AllThingsQuality.com to learn more about quality, testing, and QA!

I speak only for me. I do not speak for my employer, nor for anyone else.
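Added example, not part of the thread or any poster's code: the case Joe describes, where the response looks normal while the table is gone, next to a parameterized handler that treats the same value as data. It assumes an in-memory SQLite database with constructed sample data; `run_batch`, `vulnerable_page`, `safe_page` and `table_exists` are hypothetical names, and `run_batch` stands in for a driver that accepts several statements per call.

```python
import sqlite3

PAYLOAD = "123; DROP TABLE Products"  # productid value quoted in the thread

def make_db():
    """Constructed sample data: one product row in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Products (productid INTEGER, name TEXT)")
    db.execute("INSERT INTO Products VALUES (123, 'Widget')")
    db.commit()
    return db

def run_batch(db, sql):
    """Hypothetical stand-in for a driver that accepts several statements
    per call: runs them all, returns only the first statement's rows."""
    statements = [s for s in sql.split(";") if s.strip()]
    rows = db.execute(statements[0]).fetchall()
    for stmt in statements[1:]:
        db.execute(stmt)
    return rows

def render(rows):
    return "<ul>" + "".join(f"<li>{name}</li>" for (name,) in rows) + "</ul>"

def vulnerable_page(db, productid):
    # Deliberately vulnerable: the URL value is concatenated into the SQL text.
    return render(run_batch(db, "SELECT name FROM Products WHERE productid=" + productid))

def safe_page(db, productid):
    # Hardened: the value is bound as data and never parsed as SQL.
    rows = db.execute("SELECT name FROM Products WHERE productid = ?", (productid,))
    return render(rows.fetchall())

def table_exists(db):
    # Server-side check the tester runs after each request.
    q = "SELECT 1 FROM sqlite_master WHERE type='table' AND name='Products'"
    return db.execute(q).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    print("normal  :", vulnerable_page(db, "123"), table_exists(db))
    print("payload :", vulnerable_page(db, PAYLOAD), table_exists(db))
    db = make_db()
    print("hardened:", safe_page(db, PAYLOAD), table_exists(db))
```

In this constructed setup the vulnerable handler returns the same page for both requests, so only the database-side check shows the difference.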


Chase_Freeman
Newbie


Reged: 07/29/09
Posts: 5
Re: SQL Injection via URL [Re: Joe Strazzere]
      #718687 - 10/24/12 10:34 AM

Best practice for this kind of test is to incorporate a revealing value into the test parameter itself so you can do a Ctrl+F in the response.

--------------------
Chase

