Thursday, 22 September 2011

Manual SQL Injection

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application, such as its queries. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or is not strongly typed and is thereby unexpectedly executed. It comes from using poorly designed query language interpreters. In the wild, it has been noted that applications experience, on average.


So I will show you when an SQL injection vulnerability is present. I found the vulnerability while browsing a website that can be exploited with the SQL injection technique. The normal URL is http://victim.biz/?menuid=40. I tried inputting the character "( ' )" to get an error from the application, so the URL looked like this: http://victim.biz/?menuid='40. The website responded with a blank page. That means the target is vulnerable, but I have not found the error message yet.
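
Added example (not from the original post): a Python/sqlite3 sketch of the behaviour described above, where a stray quote in `menuid` breaks a concatenated query and the page comes back blank, next to a strongly typed, parameterized version. The `menu` table, its rows and the function names are assumptions made for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data standing in for the site's menu table (hypothetical schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE menu (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO menu VALUES (?, ?)",
                   [(40, "Products"), (41, "Contact")])
    return db


def page_vulnerable(db, menuid):
    # The request value is pasted into the SQL text, so a quote character
    # in it changes the statement itself instead of being treated as data.
    sql = "SELECT title FROM menu WHERE id = " + menuid
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        # The error is swallowed and nothing is rendered: a blank page.
        return ""
    return row[0] if row else "Not found"


def page_hardened(db, menuid):
    # Strong typing: menuid must be a plain decimal integer, nothing else.
    if not (menuid.isascii() and menuid.isdigit()):
        return "Bad request"
    # Parameter binding: the value never becomes part of the SQL text.
    row = db.execute("SELECT title FROM menu WHERE id = ?",
                     (int(menuid),)).fetchone()
    return row[0] if row else "Not found"


if __name__ == "__main__":
    db = make_db()
    for value in ("40", "'40", "99"):
        print(repr(value),
              "| concatenated:", repr(page_vulnerable(db, value)),
              "| parameterized:", repr(page_hardened(db, value)))
```

The blank response in the concatenated version is the database rejecting a malformed statement; logging that exception server-side, rather than discarding it, is what lets a defender see such requests.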