Jul 15
Security

Rain Forest Puppy (rfp) in a merry Christmas of an article entitled "NT Web Technology Vulnerabilities", published in Phrack Magazine, Volume 8, Issue 54 on December 25th, 1998. He didn't actually call it SQL injection yet; that honour goes to either SANS or Chip Andrews in 2001. Source: Litchfield.

Here's the beginning of his summary, from the section entitled "ODBC and MS SQL server 6.5":

- WHAT'S THE PROBLEM? MS SQL server allows batch commands.

- WHAT'S THAT MEAN? I can do something like:
    SELECT * FROM table WHERE x=1 SELECT * FROM table WHERE y=5
Exactly like that, and it'll work. It will return two record sets, with each set containing the results of the individual SELECT.

- WHAT'S THAT REALLY MEAN? People can possibly piggyback SQL commands into your statements. Let's say you have:
    SELECT * FROM table WHERE x=%%criteria from webpage user%%
Now, what if %%criteria from webpage user%% was equal to:
    SELECT * FROM sysobjects
It would translate to:
    SELECT * FROM table WHERE x=1 SELECT * FROM sysobjects
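
The same piggyback shown next to a hardened lookup, as an added example that is not part of the original post or of rfp's article. SQLite stands in for MS SQL Server so it runs offline; the `demo` table, its rows and all function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data; SQLite is an assumption, the article targets MS SQL 6.5."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE demo (x INTEGER, label TEXT)")
    db.executemany("INSERT INTO demo VALUES (?, ?)", [(1, "one"), (5, "five")])
    return db


def build_concatenated(criteria):
    """Pattern from the quote: page input pasted straight into the statement text."""
    return "SELECT * FROM table WHERE x=" + criteria


def lookup_bound(db, criteria):
    """Statement text is fixed; the input travels separately as one bound value."""
    return db.execute("SELECT x, label FROM demo WHERE x = ?", (criteria,)).fetchall()


def lookup_validated(db, criteria):
    """Bound value plus a strict type check, since x is meant to be an integer."""
    text = criteria.strip()
    if not (text.isascii() and text.isdigit()):
        raise ValueError("criteria must be a non-negative integer")
    return lookup_bound(db, int(text))


if __name__ == "__main__":
    db = make_db()
    hostile = "1 SELECT * FROM sysobjects"  # input quoted in the article's summary

    # Concatenation: the server receives two statements in one batch.
    print("concatenated:", build_concatenated(hostile))

    # Binding: the whole input is compared to x as a single value, so no row matches.
    print("bound       :", lookup_bound(db, hostile))

    # Validation rejects the input before it reaches the database at all.
    try:
        lookup_validated(db, hostile)
    except ValueError as err:
        print("validated   : rejected,", err)
    print("validated   :", lookup_validated(db, "1"))
```
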

Posted by Dominic White

Last modified on 2008-07-15 09:53
