Does this sound believable?

Rancher
I like fiction; here is an attempt at writing some. It is not totally original: I heard a similar story from a friend who tests the security of networks.

He was presented with a login page that required a username and password. He entered some text with special characters etc. The query ran, generating a database exception. The exception was not caught, and it appeared on the error page. He understood which database was used. Perhaps the query was:


He got the syntax spec and looked at a few queries, then tried writing a query or two. He read about the WHERE clause. He started trying different strings as inputs. In the meanwhile, he learnt about the different exceptions that the DBMS could generate.

Then he entered the magic word in the password field: (X)* OR TRUE. The query ran again, not spitting out an exception this time. He had broken into the system.


Let me know what you think.
Thanks!
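The story above has two defender-relevant points: the login query was built by pasting user input into SQL text, and the uncaught database exception told the attacker which DBMS was behind the page. The following is an added example, not code from the original post or from the poster's friend. It uses Python's built-in sqlite3 as a stand-in for the unnamed DBMS, with a constructed users table and constructed inputs, and shows the concatenated query beside its parameterized replacement, plus a wrapper that keeps database error text off the error page.

```python
import sqlite3

# Server-side record of database errors; constructed for this example so the
# user-facing result never carries the DBMS's own message.
audit_log = []


def make_db():
    """Build a constructed in-memory users table (not from the original thread)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_concat(conn, username, password):
    """Vulnerable form: the submitted values become part of the SQL text,
    so a quote or an OR clause typed by the user is parsed as SQL."""
    sql = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchone() is not None


def login_param(conn, username, password):
    """Fixed form: the SQL text is constant and the values are bound as
    parameters, so they are compared as data, never parsed as syntax."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def handle_login(conn, login_fn, username, password):
    """Return only 'ok', 'denied' or 'error' to the caller. Database errors are
    recorded server-side, so the error page cannot reveal which DBMS is used."""
    try:
        return "ok" if login_fn(conn, username, password) else "denied"
    except sqlite3.Error as exc:
        audit_log.append(f"{type(exc).__name__}: {exc}")
        return "error"


if __name__ == "__main__":
    db = make_db()
    # Constructed tautology of the kind the story describes; it only works
    # against the concatenated query.
    tautology = "' OR '1'='1"
    print("concat, real password:", login_concat(db, "alice", "correct horse"))
    print("concat, tautology:    ", login_concat(db, "nobody", tautology))
    print("param,  tautology:    ", login_param(db, "nobody", tautology))
    print("concat, stray quote:  ", handle_login(db, login_concat, "nobody", "'"))
    print("param,  stray quote:  ", handle_login(db, login_param, "nobody", "'"))
    print("server-side log:", audit_log)
```

Run stand-alone, the concatenated version accepts the tautology with no valid credentials and raises a dialect-specific syntax error on a stray quote (the fingerprint the story relies on), while the parameterized version simply reports "denied" for both inputs and the wrapper keeps the error text in the server log.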

Greenhorn
This is an example of a SQL injection attack!
Monu Tripathi
Rancher
Oh!... then this is not fiction
Jaydeep Mazumdar
Greenhorn
LOL: Check out this link for SQL Injection: http://en.wikipedia.org/wiki/SQL_injection
Ranch Hand
I can say this is no fiction, having worked on a project to fix these kinds of vulnerabilities in a web application. It was fun, and you would marvel at the way these hackers think, which in turn makes you think.

Not related here, but another thing we came across was the usage of profanity by hackers, and we had to write code to look for swear words in user inputs.
Jaydeep Mazumdar
Greenhorn
Check out WebGoat! It provides a great way to learn about the various web application vulnerabilities.

http://code.google.com/p/webgoat/