| Author: UltimateRengan 05 Sep 2008 | Member Level: Diamond | Rating: Points: 2 |
Hi, SQL injection is a hacking technique which attempts to pass SQL commands through a web application for execution against a backend database.
http://www.cgisecurity.com/questions/sql.shtml
http://what-is-what.com/what_is/sql_injection.html
http://en.wikipedia.org/wiki/SQL_injection
http://www.securiteam.com/securityreviews/5DP0N1P76E.html
I hope this may help you.
|
| Author: Athira Appukuttan 05 Sep 2008 | Member Level: Diamond | Rating: Points: -20 |
SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.
For more, refer to: http://en.wikipedia.org/wiki/SQL_injection
|
| Author: Sherrie 05 Sep 2008 | Member Level: Silver | Rating: Points: -20 |
"SQL Injection" is a subset of the unverified/unsanitized user input vulnerability ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it's straightforward to create some real surprises.
|
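The two failure modes described in the answers above (string literals that are not escaped, and input that is not strongly typed), each shown next to a bound-parameter version. This is an added example, not part of any poster's answer; the `users` table, the function names and the sample inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, used only by this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users (name, secret) VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

def lookup_naive(db, name):
    # Vulnerable: the SQL string is built on the fly, so a quote in `name`
    # ends the literal and the rest of the input is parsed as SQL.
    sql = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, name):
    # Hardened: the statement text is fixed; `name` is bound as data only.
    sql = "SELECT name, secret FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def by_id_naive(db, user_id):
    # Vulnerable without any quote character: the value is expected to be a
    # number but is never typed, so extra SQL rides along with it.
    return db.execute("SELECT name FROM users WHERE id = " + user_id).fetchall()

def by_id_typed(db, user_id):
    # Hardened: int() enforces the type (ValueError otherwise), then bind.
    return db.execute("SELECT name FROM users WHERE id = ?", (int(user_id),)).fetchall()

def typed_rejects(db, user_id):
    # True when the typed lookup refuses the input instead of running it.
    try:
        by_id_typed(db, user_id)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    crafted_name = "x' OR '1'='1"   # constructed input
    crafted_id = "1 OR 1=1"         # constructed input
    print("naive name lookup :", lookup_naive(db, crafted_name))
    print("bound name lookup :", lookup_bound(db, crafted_name))
    print("naive id lookup   :", by_id_naive(db, crafted_id))
    print("typed id rejected :", typed_rejects(db, crafted_id))
```

With the constructed inputs, the naive lookups return every row in the table, while the bound lookup returns no rows and the typed lookup rejects the value before any SQL runs.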
| Author: http://venkattechnicalblog.blogspot.com/ 05 Sep 2008 | Member Level: Diamond | Rating: Points: 2 |
Please check my blog for more reference,
http://venkattechnicalblog.blogspot.com/2008/09/sql-injection.html
Regards, Venkatesan Prabu .J
|