When is a webpage vulnerable to SQL Injection?

Depending on how the application is coded, the error will show up in one of the following ways:

1. The SQL error is displayed on the page and is visible to the user from the Web browser.

2. The SQL error is hidden in the source of the Web page for debugging purposes.

3. Redirection to another page is used when an error is detected.

4. An HTTP error code 500 (Internal Server Error) or HTTP redirection code 302 is returned.

5. The application handles the error properly and simply shows no results, perhaps displaying a generic error page.

From the book:
SQL Injection - Attacks and Defense
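
As an added example (not from the book or the original post), the five behaviours in the list can be turned into a check that a developer runs over responses captured from their own application during testing. The function name, verdict labels and sample responses are assumptions made for illustration; the error strings are fragments of common database messages, not a complete set.

```python
import re

# Fragments of well-known database error messages (small, non-exhaustive set).
SQL_ERROR = re.compile(
    r"You have an error in your SQL syntax"                  # MySQL
    r"|Unclosed quotation mark after the character string"   # SQL Server
    r"|ORA-\d{5}"                                            # Oracle
    r"|syntax error at or near",                             # PostgreSQL
    re.IGNORECASE,
)
HTML_COMMENT = re.compile(r"<!--.*?-->", re.DOTALL)


def classify_response(status, headers, body):
    """Map one HTTP response to the error-handling behaviours listed above."""
    rendered = HTML_COMMENT.sub("", body)   # approximates what the browser shows
    if SQL_ERROR.search(rendered):
        return "visible_error"              # item 1: shown to the user
    if SQL_ERROR.search(body):
        return "hidden_error"               # item 2: only in the page source
    has_location = any(k.lower() == "location" for k in headers)
    if 300 <= status < 400 and has_location:
        return "redirect"                   # items 3 and 4 (302)
    if status == 500:
        return "http_500"                   # item 4
    return "handled"                        # item 5: no error detail exposed


# Constructed sample responses: (status, headers, body)
SAMPLES = [
    (200, {}, "<html><body>You have an error in your SQL syntax; "
              "check the manual</body></html>"),
    (200, {}, "<html><body>No results.<!-- Unclosed quotation mark after "
              "the character string '' --></body></html>"),
    (302, {"Location": "/error.html"}, ""),
    (500, {}, "<h1>Internal Server Error</h1>"),
    (200, {}, "<html><body>No results found.</body></html>"),
]


def audit(samples):
    """Classify every captured response in order."""
    return [classify_response(*s) for s in samples]


if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, audit(SAMPLES)):
        print(sample[0], verdict)
```

The `visible_error` and `hidden_error` verdicts are the ones to fix first, since both deliver database error text to the client.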
