50 Ways to Inject Your SQL

Marc Olanié has just sent me the link to a really fun clip… so here it is for you too, along with the lyrics (below), which are quite juicy 😉

Enjoy!

(Author and source: Paco Hope)

_I see your input’s not validated properly  
You have to check it at all tiers: 1, 2 and 3  
Give me a browser and quite soon you will agree. There must be  
50 ways to inject your SQL_

_You see it really is my business to intrude  
The CTO wants to see this web app broke into  
Turn on my proxy and all doubt will be removed. There must be  
50 ways to inject your SQL  
50 ways to inject your SQL_

_Try a quick hack, Jack  
Add a new row, Joe  
Try an insert, Kurt  
Change their SQL query_

_Evade the regex, Rex  
Encode it all in hex  
Unbalance the quotes, Vinod  
And change the query_

_Break the syntax, Max  
Use a backslash, Cash  
Try command shell, Mel,  
And change the query_

_Use “one equals one,” son,  
Unhandled exception!  
Read the stack trace, ace  
and change the query_

_He said our application is secure against your kind  
There are no simple vulnerabilities to find  
I said your coders write their code like they are blind, there must be  
50 ways to inject your SQL_

_He said our logs show unexpected funds were sent  
It’s probably time we started using Prepared-Statements  
I said I’m glad you’re seeing what I meant, there were  
50 ways to inject your SQL  
50 ways to inject your SQL_

_Break the syntax, Max  
Use a backslash, Cash  
Try command shell, Mel,  
And change the query_

_Use “one equals one,” son,  
Unhandled exception!  
Read the stack trace, ace  
and change the query_

_Try a quick hack, Jack  
Add a new row, Joe  
Try an insert, Kurt  
Change their SQL query_

_Evade the regex, Rex  
Encode it all in hex  
Unbalance the quotes, Vinod  
And change the query_
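The song's punchline is the fix, "Prepared-Statements", and two of its verses ("one equals one" and "unbalance the quotes") describe exactly what a concatenated query does with hostile input. The following is an added example, not from the post or from Paco Hope: it builds a constructed in-memory SQLite table and runs the same lookup both ways, so you can see the tautology input return every row (and a lone quote raise the "unhandled exception" the lyric mentions) against string concatenation, while the parameterized query treats the same input as plain data and matches nothing. Table, names and helper functions are all assumptions made up for the demo.

```python
import sqlite3

# Constructed sample data for the demo; not from the post.
SAMPLE_USERS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]

# The "one equals one" input from the lyrics: closes the quoted literal
# and appends a tautology, so a concatenated WHERE clause matches all rows.
ONE_EQUALS_ONE = "' OR '1'='1"


def make_db():
    """Create an in-memory database with a small constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_concat(conn, name):
    """Vulnerable: the caller's value is pasted into the SQL text.

    Any quote in the input becomes part of the query's syntax, which is
    why the lyric's "unbalance the quotes" and "one equals one" work.
    """
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def lookup_prepared(conn, name):
    """Hardened: the value is bound as a parameter of a fixed query text.

    The database receives the SQL and the data separately, so the input
    can only ever be compared as a string, never parsed as SQL.
    """
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name,))]


def breaks_syntax(conn, value):
    """True if the concatenated query fails to parse for this input.

    In a real app this is the "unhandled exception" whose stack trace
    leaks table and column names; catch it here so the demo keeps going.
    """
    try:
        lookup_concat(conn, value)
        return False
    except sqlite3.OperationalError:
        return True


def demo():
    """Run the same lookups both ways and return the results for comparison."""
    conn = make_db()
    return {
        "concat_normal": lookup_concat(conn, "bob"),
        "concat_tautology": lookup_concat(conn, ONE_EQUALS_ONE),
        "prepared_normal": lookup_prepared(conn, "bob"),
        "prepared_tautology": lookup_prepared(conn, ONE_EQUALS_ONE),
        "concat_lone_quote_raises": breaks_syntax(conn, "'"),
        "prepared_lone_quote": lookup_prepared(conn, "'"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The two lookup functions differ by one thing only: where the input goes. With concatenation the lone quote yields a parse error and the tautology yields the whole table; with a bound parameter both are just strings that happen to match no user. That single change is what the last verse of the song is asking for.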

Comments

Comment by ITI on 2009-06-19 10:19:42 +0200

Whistle while you hack, la la la… heigh-ho, heigh-ho, off to XSS we go…. 🙂

Comment by Cédric Pernet on 2009-06-19 14:53:42 +0200

Your post title reminds me of a Megadeth track, my dear Bruno: « 99 Ways to Die » 😉