SQL Injection Vulnerabilities Are Way Too Common

edited July 2011 in Tech & Games
After poking around on the internet in various nooks and crannies, I've come to the conclusion that there are too many developers out there who totally overlook the concept of SQL injection! It amazes me just how many sites are vulnerable to such a feeble exploit, especially because as a developer, you should always be beefing your code up as you write it as well as excessively testing the website for vulnerabilities BEFORE it goes on the internet. It's such a simple process too - anyone can run a few SQL commands from their browser and get some information to be displayed on screen, and even the most complicated of SQL statements aren't really that difficult to compose as you're going along.

If you want to see exactly what I mean, have a look around the internet. Even the most unthought-of places are vulnerable to something as lame as SQL injection. Try your school website, your local library's site, the website of the guitar tutor who lives down the street - I bet one of them is vulnerable. If you can't find anything through luck, try some Google Dorks and find yourself a website to mess around with.
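To make the "beef your code up as you write it" point concrete, here is an added example (not from the original post) showing the two ways a developer can hand a URL parameter to the database: string concatenation, which lets the parameter alter the query, and a bound placeholder, which keeps it as plain data. The `users` table, its rows and the input strings are constructed for the demo; it runs against Python's built-in `sqlite3`, but the same placeholder mechanism exists in every mainstream database driver.

```python
import sqlite3


def make_db():
    # Constructed in-memory sample table for the demo (not real site data).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")],
    )
    return conn


def lookup_vulnerable(conn, name):
    # The classic mistake: the value taken from the URL is pasted into the
    # SQL text, so the database parses it as part of the statement.
    sql = "SELECT id, name FROM users WHERE name = '" + name + "' ORDER BY id"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    # The fix: a bound parameter. The driver sends the value separately from
    # the statement, so it is only ever compared as data, never parsed as SQL.
    sql = "SELECT id, name FROM users WHERE name = ? ORDER BY id"
    return conn.execute(sql, (name,)).fetchall()


def demo():
    # Runs both lookups with an ordinary name and with a tampered value of the
    # kind a tester would type into the URL to check whether a site is exposed.
    conn = make_db()
    ordinary = "bob"
    tampered = "x' OR '1'='1"
    return {
        "vuln_ordinary": lookup_vulnerable(conn, ordinary),   # one row
        "vuln_tampered": lookup_vulnerable(conn, tampered),   # every row leaks
        "safe_ordinary": lookup_safe(conn, ordinary),         # one row
        "safe_tampered": lookup_safe(conn, tampered),         # no rows at all
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The same check belongs in the test suite of the site itself: feed each parameter a value containing a quote and assert that the row count does not change.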

Comments

  • edited July 2011
    ^ But that's half the fun of programming - making it all secure and buffed so no one can get in. It makes you feel like you just topped off your web application with a nice big splooge of whipped cream. Whenever I make something, I always try and hack it as soon as I think that I'm finished. There's always one thing which you miss, I swear. Maybe that's just me being a crappy coder though.

    I used to hang out on the Lulzsec IRC and they were giving lessons on hacks they performed - a lot of the stuff involved SQLi, like you said. There was some more advanced stuff thrown in there though, so I think a few of the guys definitely had the ability to go further than SQL attacks. I guess you just pick the easiest route though, why go through all the hard work of doing something more advanced when you can just modify a URL a little bit and get all the information you need? :D