reply to discussion below-wk5cmit colins

I’m trying to learn for my Science class and I’m stuck. Can you help?

Having an unsecured website on the internet, whether because code vulnerability assessments were not completed or because form fields on the website are unsanitized, can leave a huge hole for hackers to jump right in and completely mess up any SQL tables running on the database server or even attack the servers themselves.

By allowing SQL commands to be sent through the form fields (obviously not on purpose, but by oversight), the attacker can just type in an SQL query to check if the form is vulnerable to SQL insertion. In a guide written by Haroon Meer, he would input something like:

blah' OR 1=1--

and if the form or web page returned an error that looked like:

Microsoft OLE DB Provider for SQL Server error '80040e14'

Unclosed quotation mark before the character string ” and Password=”.

/login.asp, line 40

then the attacker knows that the form did not sanitize form fields and allowed SQL to pass through to the SQL database. Now the attacker would easily be able to continue sending commands through the form field to log in as different users or create accounts, give them administrator access, then either steal everyone's information or wreak havoc by deleting all of the tables.

This short guide (citation below) had a very short but easy-to-read guide on how to test a website for SQL insertion vulnerabilities and then how to try logging in as an administrator and then how to read tables and gather usernames. This certainly helped explain it a bit better than the CEH handbook!

Meer, H. (n.d.). SQL Insertion. Retrieved June 16, 2019, from https://www.cgisecurity.com/lib/SQLinsertion.htm
