Dr. Dobbs: SQL Injection: Think Like a Hacker

It is time to earn a little about SQL injection, a conceptually simple and very popular attack that can be mounted against many websites with a database back-end.

An earlier post on DITC by Tim Kellogg talks about actually experiencing the hacker ethos by attempting specific exploits. I’d like to second the notion, especially when it comes to SQL injection. This exploit turns on the ability to query your websites and get all sorts of useful information, such as your entire customer contact list or other sensitive data. And what makes this attack so troublesome is that it can be done without using any specialized tools other than a Web browser, and it doesn’t even require much in the way of programming knowledge.

You can read my article in Dr. Dobbs here.

One thought on “Dr. Dobbs: SQL Injection: Think Like a Hacker

  1. SQL injection is the very old practice and still actual only for very old forgotten sites.

    Of course you can try find a few vulnerable sites using inurl:id=1 site:.{domain} in google, but the vast majority of sites fixed this problem long time ago.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s