Home page logo
/

pen-test logo Penetration Testing mailing list archives

JSP and SQL Injection
From: vijay.upadhyaya () gmail com
Date: 9 May 2007 21:12:13 -0000

Was wondering if SQL Injection will work on the web app using JSP. 
 I remember faintly that Java has some inbuilt checks on query break but not too sure, is there any way to bypass that 
? 
Any pointers will be greatly appreciated. 
Currently on the User creation page for this application is taking input as ";" or " ' " or anything u input in the 
text box. 
Wanted to confirm if it is vulnerable to SQL INjection . 
Tried putting 
x' or 'a'='a' 
but app did not come up with syntex error which means that there is a check for query break ...
let me know u r views on the same
Regards, 
Vijay

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
  • JSP and SQL Injection vijay . upadhyaya (May 10)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault