Kevin Spett wrote : > > I am working on a script where I am able to inject arbitrary SQL code into > the request, but am unable to get the records I want. > > [snip] > > Also, good sites or papers that discuss SQL code injection would be > appreciated. A good paper about this subject is "Web Application Disassembly with ODBC Error Messages" by David Litchfield, from the BlackHats 2001 sessions. There is a copy on my website : http://nicob.net/BHWin01Litchfield.doc and here another mirror : http://opensores.thebunker.net/pub/mirrors/blackhat/presentations/win-usa-01/Litchfield/BHWin01Litchfield.doc Nicob ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Sep 10 2001 - 08:10:57 PDT