
Hack
Get flash to fully experience Pearltrees
A customer asked that we check out his intranet site, which was used by the company's employees and customers. This was part of a larger security review, and though we'd not actually used SQL injection to penetrate a network before, we were pretty familiar with the general concepts. We were completely successful in this engagement, and wanted to recount the steps taken as an illustration. "SQL Injection" is subset of the an unverified/unsanitized user input vulnerability ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it's straightforward to create some real surprises. We'll note that this was a somewhat winding road with more than one wrong turn, and others with more experience will certainly have different -- and better -- approaches.
SQL Injection Attacks by Example
Une armée de toysoldiers a fait plier un supermarché de jouets pour enfants qui s'était emparé du nom de domaine d'artistes suisses allemands. Une forme d'hacktivisme ludique. Performance artistique, jeu vidéo en réseau, manifestation en ligne, la “ toywar ” fut probablement l’œuvre d’art la plus chère de l’histoire de l’humanité (estimée à 4,5 milliards de dollars).

