Which Vulnerability Researcher Discovered SQL injection?

SA Security Bloggers

SensePost

Haroon Meer
link

Matt Erasmus
link

Andrew Mohawk

Junaid Loonat
link

Barry Irwin
link

Tom Wells

Allen Baranov
link

Jock Forrester
link

IT Security Pubcast
link

Telspace

ISGAfrica

Ralfe Poisson

How-To's
link Linux SSH Jail with pam_chroot
link Firefox Privacy & Security Extensions

Papers
link Managing Patching, my MSc Thesis
link Risk Analysis of Monthly Patch Schedules

Tools
link Automated Vodacom SMS (VodaSMS)
link RSS 2 SMS
link DShield Hack Detection

Neologisms
link Encryption principles
link Zoolander's Law

Syndicate This Blog

SSL

Certificate fingerprints:

SHA1: 61 13 45 4B 4C F9 89 9B B7 87 C8 78 F7 38 12 CB 07 E2 60 BF
MD5 : DA 53 7B 50 E4 3A 2C 6C A1 17 53 C1 A0 5E CB 89

HTTPS version.
You can find an explanation here.

License

Original content in this work is licensed under a Creative Commons License

Disclaimer

This blog and its contents are in no way affiliated with, or endorsed by my employer.

Random Entry: Township Computing
< Viva Las Vegas, BlackHat & Defcon USA 2008 | SCP Transfer Resuming With Rsync >

Tuesday, July 15. 2008

Which Vulnerability Researcher Discovered SQL injection?

Rain Forest Puppy (rfp) in a merry Christmas of an article entitled "NT Web Technology Vulnerabilities", published in Phrack Magazine, Volume 8, Issue 54 on December 25th, 1998. He didn't actually call it SQL injection yet, that honour either goes to SANS or Chip Andrews in 2001. Source, Litchfield.

Here's the beginning of his summary, from the section entitled "ODBC and MS SQL server 6.5":

- WHAT'S THE PROBLEM? MS SQL server allows batch commands.
- WHAT'S THAT MEAN? I can do something like:
    SELECT * FROM table WHERE x=1 SELECT * FROM table WHERE y=5
Exactly like that, and it'll work. It will return two record sets, with each set containing the results of the individual SELECT.
- WHAT'S THAT REALLY MEAN? People can possibly piggyback SQL commands into your statements. Let's say you have:
    SELECT * FROM table WHERE x=%%criteria from webpage user%%
Now, what if %%criteria from webpage user%% was equal to:
    SELECT * FROM sysobjects
It would translate to:
    SELECT * FROM table WHERE x=1 SELECT * FROM sysobjects

Posted by Dominic White in Security at 08:56 | Comments (0) | Trackbacks (0)

Last modified on 2008-07-15 09:53

Trackbacks

Trackback specific URI for this entry

PingBack

Weblog: singe.za.net
Tracked: Jul 22, 17:23

Comments

Display comments as (Linear | Threaded)

No comments

Add Comment

Name
Email
Homepage
In reply to
Comment	E-Mail addresses will not be displayed and will only be used for E-Mail notifications. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above:
	Remember Information? Subscribe to this entry