unixwiz: SQL Injection Attacks by Example
October 3rd, 2007
Found this site via del.icio.us. Pretty good post:
“SQL Injection” is subset of the an unverified/unsanitized user input vulnerability (“buffer overflows” are a different subset), and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it’s straightforward to create some real surprises.
SQL Injection @ unixwizÂ