p2p.wrox.com Forums

p2p.wrox.com Forums (http://p2p.wrox.com/index.php)
-   Classic ASP Databases (http://p2p.wrox.com/forumdisplay.php?f=62)
-   -   SQl Injection through ASP and MS SQl 2000 (http://p2p.wrox.com/showthread.php?t=63279)

cancer10 October 27th, 2007 01:39 AM

SQl Injection through ASP and MS SQl 2000
 
Hello,


I have heard a lot about SQL Injection. I was wondering how does an injector come to know about the table/column name when they cannot see the asp codes in a website?

Can someone explain plz?



Thanx

-----------------------------------------------
www.chargertek.in - Cheapest WebHosting

Imar October 27th, 2007 03:21 AM

Hi there,

The information usually comes from two sources: common knowledge (e.g. all SQL Server installations have the same Master database with a well know structure) and error pages that are thrown by the page itself when something goes wrong. That's why it's so important to turn on error pages on the server to hide this kind of information.

You may want to read this PDF: http://www.spidynamics.com/papers/SQ...WhitePaper.pdf for more information.

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
While typing this post, I was listening to: Spargi D'Amaro Pianto (Donizetti) by Maria Callas (Track 15 from the album: Maria Callas: The Voice Within the Heart) What's This?


All times are GMT -4. The time now is 01:12 AM.

Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.