Penetration Testing mailing list archives

JSP and SQL Injection
From: vijay.upadhyaya () gmail com
Date: 9 May 2007 21:12:13 -0000

Was wondering if SQL Injection will work on a web app using JSP.
I remember faintly that Java has some inbuilt checks on query break, but I'm not too sure. Is there any way to bypass that?
Any pointers will be greatly appreciated.
Currently the User creation page for this application is taking input as ";" or " ' " or anything you input in the text box.
Wanted to confirm if it is vulnerable to SQL Injection.
Tried putting
x' or 'a'='a'
but the app did not come up with a syntax error, which means that there is a check for query break ...
Let me know your views on the same.
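
Added example, not part of the original post: a side-by-side of a concatenated `Statement` and a `PreparedStatement` with a bound parameter, run against the inputs quoted in the post, showing how each pattern treats them. The class name, the `accounts` table, its rows and the H2 in-memory database (driver on the classpath) are assumptions made for the demonstration.

```java
import java.sql.*;

public class JspSqlInjectionDemo {

    // Pattern 1: request input concatenated into the SQL text.
    // The database parses the input as part of the statement.
    static String concatenated(Connection c, String input) {
        String sql = "SELECT COUNT(*) FROM accounts WHERE username = '" + input + "'";
        try (Statement st = c.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            rs.next();
            return "matched rows: " + rs.getInt(1);
        } catch (SQLException e) {
            return "SQLException: " + e.getMessage();
        }
    }

    // Pattern 2: PreparedStatement with a bound parameter.
    // The SQL text is fixed; the input is only ever compared as a string value.
    static String bound(Connection c, String input) {
        String sql = "SELECT COUNT(*) FROM accounts WHERE username = ?";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, input);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return "matched rows: " + rs.getInt(1);
            }
        } catch (SQLException e) {
            return "SQLException: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: H2 driver on the classpath; in-memory database with constructed rows.
        try (Connection c = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = c.createStatement()) {
                st.execute("CREATE TABLE accounts (username VARCHAR(64))");
                st.execute("INSERT INTO accounts VALUES ('alice'), ('bob')");
            }
            // Inputs quoted in the post above.
            for (String input : new String[] {"x' or 'a'='a'", "'", ";"}) {
                System.out.println("input:        " + input);
                System.out.println("concatenated: " + concatenated(c, input));
                System.out.println("bound:        " + bound(c, input));
            }
        }
    }
}
```

A page that shows no database error is consistent with bound parameters, but also with an application that catches `SQLException` and hides it, so the reliable check is a review of how the query is built in the JSP or servlet code.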
