Fw: Sql injection/admin privileges

From: Quentin ChungProgrammer (ChungProgrammer)
Date: Mon Mar 30 2009 - 23:59:35 CDT


See http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet from Dave Wichers.

Best Regards, Quentin

----- Original Message -----
From: "NETTLES, RICHARD R." <rn0308982otc.edu>
To: "pen-test" <pen-testsecurityfocus.com>
Sent: Monday, March 30, 2009 3:50 AM
Subject: Sql injection/admin privileges


> I have been trying to learn more about website penetration. At the moment, a friend of mine runs a website and told me I could use it to help me out as long as I don't destroy anything and report to him everything I find. While I was doing manual input into the login, I found a hole that will give me access to a member's account. Is it possible to access the admin account, or at least receive elevated privileges through that same hole? What reading material would you recommend to learn more about doing SQL injections, and what are some certifications that I should look into getting?
>
> Thank you,
> Richard