SQL注入测试 [英] SQL Injection test
问题描述
我有一个页面使用表单将邮政编码传递到另一个页面,我想要对SQL注入进行测试。什么是安全的(即没有
DELETING of data)声明试试,我将如何格式化以在表格中尝试
。
我把这个字段限制在10个字符,所以我知道我必须用更大的字段对它进行测试
因为黑客可以重写表格而且
使用lerger试图攻击的领域。
非常感谢提前
VoodooJai
I have a page the uses a form to pass a postcode to another page and I
want to test it against an SQL Injection. What would be a safe (i.e NO
DELETING of data ) statement to try and how would I format this to try
in the form.
I have limited the field to 10 chars so I know i would have to test it
with a larger field because a hacker could just rewrite the form and
use a lerger field for the attempted attack.
Many thanks in advance
VoodooJai
推荐答案
Voodoo Jai写道:
Voodoo Jai wrote:
我有一个页面使用表格将邮政编码传递到另一个页面而我
想要针对SQL注入进行测试。什么是安全的(即没有
DELETING of data)声明试试,我将如何格式化以在表格中尝试
。
我把这个字段限制在10个字符,所以我知道我必须用更大的字段对它进行测试
因为黑客可以重写表格而且
使用lerger尝试攻击的领域。
非常感谢提前
VoodooJai
I have a page the uses a form to pass a postcode to another page and I
want to test it against an SQL Injection. What would be a safe (i.e NO
DELETING of data ) statement to try and how would I format this to try
in the form.
I have limited the field to 10 chars so I know i would have to test it
with a larger field because a hacker could just rewrite the form and
use a lerger field for the attempted attack.
Many thanks in advance
VoodooJai
你需要针对黑客所做的事情进行测试 - 即删除。
你不应该在现场系统上进行测试 - 总是在
a开发系统上进行测试,备份数据库后。
-
==================
删除x来自我的电子邮件地址
Jerry Stuckle
JDS计算机培训公司
js ******* @ attglobal.net
==================
You need to test against the same things a hacker does - i.e. DELETE.
And you should NEVER be testing on a live system anyway - always test on
a development system, after backing up your databases.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
10月11日,1:27 * pm,Jerry Stuckle< jstuck ... @ attglobal.netwrote:
On Oct 11, 1:27*pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
Voodoo Jai写道:
Voodoo Jai wrote:
我有一个页面使用表格将邮政编码传递到另一个页面而我
想要测试它反对SQL注入。什么是安全的(即没有
DELETING of data)声明试试,我将如何格式化以在表格中尝试
。
我把这个字段限制在10个字符,所以我知道我必须用更大的字段对它进行测试
因为黑客可以重写表格而且
使用lerger试图攻击的字段。
I have a page the uses a form to pass a postcode to another page and I
want to test it against an SQL Injection. What would be a safe (i.e NO
DELETING of data ) statement to try and how would I format this to try
in the form.
I have limited the field to 10 chars so I know i would have to test it
with a larger field because a hacker could just rewrite the form and
use a lerger field for the attempted attack.
非常感谢提前
Many thanks in advance
VoodooJai
VoodooJai
您需要针对黑客所做的事情进行测试 - 即删除。
并且您永远不应该在实时系统上进行测试 - 始终在<备份数据库后,
a开发系统。
-
============ ======
删除x来自我的电子邮件地址
Jerry Stuckle
JDS计算机培训公司
jstuck ... @ attglobal.net
==================
You need to test against the same things a hacker does - i.e. DELETE.
And you should NEVER be testing on a live system anyway - always test on
a development system, after backing up your databases.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
我已备份我的数据库但不知道要在表格,
有人可以给我看一个例子。
I have backed up my db but dont know the syntax to use in the form,
could someone show me an example.
10月11日,9:06 * am,Voodoo Jai< voodoo ... @ btinternet.comwrote:
On Oct 11, 9:06*am, Voodoo Jai <voodoo...@btinternet.comwrote:
10月11日,1:27 * pm,Jerry Stuckle< jstuck ... @ attglobal.netwrote:
On Oct 11, 1:27*pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
Voodoo Jai写道:
Voodoo Jai wrote:
我有一个页面使用表单传递邮政编码到另一个页面我和/ b $ b想要针对SQL注入进行测试。什么是安全的(即没有
DELETING of data)声明试试,我将如何格式化以在表格中尝试
。
我把这个字段限制在10个字符,所以我知道我必须用更大的字段对它进行测试
因为黑客可以重写表格而且
使用lerger试图攻击的字段。
I have a page the uses a form to pass a postcode to another page and I
want to test it against an SQL Injection. What would be a safe (i.e NO
DELETING of data ) statement to try and how would I format this to try
in the form.
I have limited the field to 10 chars so I know i would have to test it
with a larger field because a hacker could just rewrite the form and
use a lerger field for the attempted attack.
非常感谢提前
Many thanks in advance
VoodooJai
VoodooJai
你需要对它进行测试黑客所做的事情 - 即删除。
你永远不应该在现场系统上进行测试 - 在备份你的数据库后,总是在
a开发系统上进行测试。
You need to test against the same things a hacker does - i.e. DELETE.
And you should NEVER be testing on a live system anyway - always test on
a development system, after backing up your databases.
-
==================
删除x来自我的电子邮件地址
Jerry Stuckle
JDS计算机培训公司
jstuck ... @ attglobal.net
==================
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
我已备份我的数据库但不知道要在表格,
有人可以给我看一个例子.-隐藏引用的文字 -
- 显示引用的文字 -
I have backed up my db but dont know the syntax to use in the form,
could someone show me an example.- Hide quoted text -
- Show quoted text -
我一直想成为那个说谷歌是你的朋友的人。使用
您的主题标题并谷歌。第一次点击包含测试工具
it( http://www.zubrag.com/tools/sql-injection-test.php) ,大约
640,000其他点击量。
>
Bill H
I''ve always wanted to be the one that says google is your friend. Use
your subject title and google it. 1st hit contains tools for testing
it (http://www.zubrag.com/tools/sql-injection-test.php), with about
640,000 other hits also.
Bill H
这篇关于SQL注入测试的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!