SQL injection is a type of security exploit in which the attacker adds SQL code to a Web form input box to gain access to database resources.
For example, in a search page, the developer may execute a query (VBScript/ASP) using the code:
Set myRecordset = myConnection.execute("SELECT * FROM myTable WHERE someText ='" & request.form("inputdata") & "'")
locations:
IDS log files
Database server log files
Web server log files
The attack signature may look like:
12:34:35 192.2.3.4 HEAD GET /login.asp?username=blah or 1=1
12:34:35 192.2.3.4 HEAD GET /login.asp?username=blah or )1=1 (-
12:34:35 192.2.3.4 HEAD GET /login.asp?username=blah or exec master..xp_cmdshell 'net user test testpass --
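One way to search web server logs for the signatures above, added here as an example and not part of the original slides. It assumes each line is laid out as time, client IP, method, request URI; the rule names are hypothetical and the sample lines are constructed.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines (not real traffic); the first two copy the page's format.
SAMPLE_LOG = """\
12:34:35 192.2.3.4 HEAD GET /login.asp?username=blah or 1=1
12:34:35 192.2.3.4 HEAD GET /login.asp?username=blah or exec master..xp_cmdshell 'net user test testpass --
12:35:02 192.2.3.9 GET /login.asp?username=alice
12:35:10 192.2.3.7 GET /search.asp?q=blah%27+OR+%271%27%3D%271
12:35:40 192.2.3.9 GET /search.asp?q=oracle+or+mysql
"""

# time, client IP, method token(s), then the request URI up to end of line
# (the page's sample lines carry unencoded spaces in the query string).
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+[A-Z ]+?\s+(/.*)$")

# Hypothetical rule names; the patterns cover the signatures shown above.
RULES = {
    "tautology": re.compile(r"\bor\b[\s()'\"]*(\w+)['\"]?\s*=\s*['\"]?\1\b", re.I),
    "xp_cmdshell": re.compile(r"\bxp_cmdshell\b", re.I),
    "trailing-comment": re.compile(r"(?:'|\s)--\s*$"),
}

def scan(log_text):
    """Return (time, ip, path, [rule names]) for each line with a suspicious query."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the assumed layout; skip rather than guess
        time, ip, uri = m.groups()
        path, _, query = uri.partition("?")
        decoded = unquote_plus(query)  # one decoding pass: %27 -> ', + -> space
        hits = [name for name, rx in RULES.items() if rx.search(decoded)]
        if hits:
            findings.append((time, ip, path, hits))
    return findings

if __name__ == "__main__":
    for time, ip, path, hits in scan(SAMPLE_LOG):
        print(f"{time} {ip} {path}: {', '.join(hits)}")
```

Matches from patterns like these are candidates for review, and input encoded in ways the single decoding pass does not undo will not be matched.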
Deep Log Analyzer is an advanced web analytics solution for small and medium-sized websites.
Lab: Acunetix