Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

JSP and SQL Injection
From: vijay.upadhyaya () gmail com
Date: 9 May 2007 21:12:13 -0000
Was wondering if SQL Injection will work on the web app using JSP. 
 I remember faintly that Java has some inbuilt checks on query break but not too sure, is there any way to bypass that 
? 
Any pointers will be greatly appreciated. 
Currently on the User creation page for this application is taking input as ";" or " ' " or anything u input in the 
text box. 
Wanted to confirm if it is vulnerable to SQL INjection . 
Tried putting 
x' or 'a'='a' 
but app did not come up with syntex error which means that there is a check for query break ...
let me know u r views on the same
Regards, 
Vijay

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
  • JSP and SQL Injection vijay . upadhyaya (May 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]