Thursday, November 02, 2006

An intro about SQL Injection

"SQL Injection" is a subset of the unverified/unsanitized user input class of vulnerability ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it's straightforward to create some real surprises.
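To make the "SQL strings built naively on the fly" point concrete, here is an added example (not code from the paper linked in this post) that runs the same lookup two ways against an in-memory SQLite database: once by string concatenation and once with a bound parameter. The table, column and function names and the sample inputs are assumptions constructed for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; the table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (email TEXT, name TEXT)")
    db.executemany("INSERT INTO members VALUES (?, ?)",
                   [("alice@example.com", "Alice"), ("bob@example.com", "Bob")])
    return db

def lookup_naive(db, email):
    # Vulnerable: the input is pasted into the SQL text, so a quote in the
    # input ends the string literal and the rest is parsed as SQL.
    sql = "SELECT name FROM members WHERE email = '" + email + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_param(db, email):
    # Hardened: the statement text is fixed and the input is bound as a
    # value, so it can never change the structure of the query.
    sql = "SELECT name FROM members WHERE email = ?"
    return [row[0] for row in db.execute(sql, (email,))]

def compare(email):
    """Return (naive result or error name, parameterized result)."""
    db = make_db()
    try:
        naive = sorted(lookup_naive(db, email))
    except sqlite3.Error as exc:
        naive = "error: " + type(exc).__name__
    return naive, lookup_param(db, email)

if __name__ == "__main__":
    # Constructed inputs: a normal address, a value with an apostrophe,
    # and a value that rewrites the WHERE clause when concatenated.
    for value in ("alice@example.com", "o'brien", "x' OR 'x'='x"):
        print(repr(value), "->", compare(value))
```

With the concatenated query, an input containing an apostrophe produces a syntax error and the third input returns every row, while the parameterized query treats both as literal values that match nothing.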

Although many papers around the net cover this topic, this one discusses it in more depth and shows the rationale of discovery as much as the process of exploitation.

So, just have a look at this ...