Thread: SQL injection

  1. #1
    Join Date
    Oct 2003

    Unanswered: SQL injection

    I try to test SQL injection on an .ASP web page but it returns a 500 internal server error message. But I know it has been SQL injection.
    What do I have to do?
    Thanks a lot. Sorry about my English.

  2. #2
    Join Date
    Oct 2003

    How do you know you're able to use SQL injection? Do you get errors in the ASP file while entering 'wrong' code such as quotes?

    The way I try to use SQL Injection:
    Type quotes in an input field
    If you see some SQL Server errors
    you can mess with the database or leave a gentle message (mostly in a new table) to alert the DB admin that his DB is very badly secured.

    I don't know if this can help you,
    If not, please describe your problem more specifically.

    Greetz Da Witte

  3. #3
    Join Date
    Oct 2003


    Every web application, ASP or not, needs to "sanitize" the data that is typed into each and every input field. This means removing unprintable characters, converting quotes to \" or whatever, checking the length and so on.

    You can write, or find, a pretty good Visual Basic function to do that. But you have to remember to do that, for each and every input.

    Lots of web-pages simply don't get tested by "nasty testers" who are trying to make it break. They are "tested" by the same folks who wrote them, who obviously are getting tired of the work and don't really want to discover "one more bug."
    ChimneySweep(R): fast, automatic
    table repair at a click of the
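
The server error from post #1 and the input checks from post #3, as an added example that is not part of any post in the thread: a query built by string concatenation fails on a name containing a quote, while the same lookup with a bound parameter treats the quote as data. Parameter binding is an addition the thread does not mention; the in-memory SQLite database is an assumed stand-in for the database behind the ASP page, and the table, function names, length limit and sample rows are constructed.

```python
import sqlite3

MAX_NAME_LEN = 40  # constructed limit for this example


def make_db():
    """In-memory SQLite stand-in (assumption) for the database behind the page."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO customers (name) VALUES (?)",
                     [("Smith",), ("O'Brien",)])  # constructed sample rows
    return conn


def validate_name(value):
    """Input checks post #3 lists: length and printable characters only."""
    return 0 < len(value) <= MAX_NAME_LEN and value.isprintable()


def lookup_concatenated(conn, name):
    """Query text built from the input: a quote changes the SQL itself."""
    sql = "SELECT id, name FROM customers WHERE name = '" + name + "'"
    try:
        return ("ok", conn.execute(sql).fetchall())
    except sqlite3.Error as exc:
        # Left unhandled, a database error like this surfaces as a 500 response.
        return ("error", str(exc))


def lookup_parameterized(conn, name):
    """Input is bound as a value; the database never parses it as SQL."""
    if not validate_name(name):
        return ("rejected", [])
    rows = conn.execute("SELECT id, name FROM customers WHERE name = ?", (name,))
    return ("ok", rows.fetchall())


if __name__ == "__main__":
    db = make_db()
    for value in ("Smith", "O'Brien", "x" * 200):
        print(repr(value[:12]), lookup_concatenated(db, value)[0],
              lookup_parameterized(db, value)[0])
```

A legitimate surname is enough to break the concatenated query, so the error says the page builds SQL from raw input; the bound-parameter version needs no quote conversion at all.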
