SQL Injection

Found another site that is vulnerable to SQL injection; the page actually allows customers to check the status of repaired items.

First I entered a single quote into the textbox, and I was shocked because I could actually see the source code!!!

From the error message that was thrown, I was able to learn that the developers are actually using SqlDataReader, as well as the source file location (which I have already blurred). The next attack I'm going to do is to start grabbing information through SQL injection techniques, and as I expected I was able to retrieve it!!!

There you go, I was able to retrieve the personal information of customers.
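The failure described above (a single quote breaking the query and the raw error reaching the browser) next to its fix, as an added example that is not part of the original post or the site's code. It uses Python's sqlite3 as a stand-in for the site's .NET data layer, and the table, column and function names are hypothetical.

```python
import logging
import sqlite3

log = logging.getLogger("repair_status")

def make_db():
    """Constructed sample data: one repair ticket in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE repairs (ticket TEXT PRIMARY KEY, status TEXT)")
    db.execute("INSERT INTO repairs VALUES ('R-1001', 'Ready for pickup')")
    return db

def status_vulnerable(db, ticket):
    """Anti-pattern: input spliced into the SQL text, raw error shown to the user."""
    try:
        row = db.execute(
            "SELECT status FROM repairs WHERE ticket = '" + ticket + "'"
        ).fetchone()
    except sqlite3.Error as exc:
        return "Server error: %s" % exc  # leaks parser/driver details to the client
    return row[0] if row else "No such ticket"

def status_hardened(db, ticket):
    """Fix: bound parameter, length check, generic message, detail kept in the log."""
    if not (0 < len(ticket) <= 16):
        return "No such ticket"
    try:
        # The value travels separately from the SQL text, so quotes are just data.
        row = db.execute(
            "SELECT status FROM repairs WHERE ticket = ?", (ticket,)
        ).fetchone()
    except sqlite3.Error:
        log.exception("repair status lookup failed")  # server-side only
        return "Something went wrong, please try again later."
    return row[0] if row else "No such ticket"

if __name__ == "__main__":
    db = make_db()
    for value in ("R-1001", "'"):
        print(repr(value), "->", status_vulnerable(db, value),
              "|", status_hardened(db, value))
```

In ADO.NET the equivalent of the bound parameter is a `SqlCommand` with entries in its `Parameters` collection, and detailed error pages should be disabled for remote clients.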
 
 