SQL

MySQL (pron.: /maɪ ˌɛskjuːˈɛl/ "My S-Q-L" [4] officially, but also called /maɪ ˈsiːkwəl/ "My Sequel") is (as of 2008) the world's most widely used [5][6] open source relational database management system (RDBMS) [7] that runs as a server providing multi-user access to a number of databases. It is named after co-founder Michael Widenius' daughter, My. [8] The SQL phrase stands for Structured Query Language. [4] The MySQL development project has made its source code available under the terms of the GNU General Public License, as well as under a variety of proprietary agreements. MySQL was owned and sponsored by a single for-profit firm, the Swedish company MySQL AB, now owned by Oracle Corporation. [9] MySQL is a popular choice of database for use in web applications, and is a central component of the widely used LAMP open source web application software stack (and other 'AMP' stacks). http://en.wikipedia.org/wiki/MySQL

MySQL

http://www.unixwiz.net/techtips/sql-injection.html#target A customer asked that we check out his intranet site, which was used by the company's employees and customers. This was part of a larger security review, and though we'd not actually used SQL injection to penetrate a network before, we were pretty familiar with the general concepts. We were completely successful in this engagement, and wanted to recount the steps taken as an illustration. "SQL Injection" is a subset of the unverified/unsanitized user input vulnerability ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended.

SQL Injection Attacks by Example

http://msdn.microsoft.com/en-us/library/aa260689(v=sql.80).aspx

xp_cmdshell

Executes a given command string as an operating-system command shell and returns any output as rows of text. Grants nonadministrative users permissions to execute xp_cmdshell. Note: When executing xp_cmdshell with the Microsoft® Windows® 98 operating systems, the return code from xp_cmdshell will not be set to the process exit code of the invoked executable.

Start Date: Friday, April 13, 2012 Location:

MariaDB: Solutions Day for the MySQL® Database | SkySQL

http://www.skysql.com/mysql-solutions-day