MySQL – Page 43 – WindowsTechs.com

How does stored procedure prevents SQL injection?

Posted on October 1, 2014 by Anandu M Das

May be I am not much clear about the stored procedure. Can someone explain me how stored procedure prevents SQL injection with a simple example using MySql.

Continue reading How does stored procedure prevents SQL injection?→

How does stored procedure prevents SQL injection?

Posted on October 1, 2014 by Anandu M Das

May be I am not much clear about the stored procedure. Can someone explain me how stored procedure prevents SQL injection with a simple example using MySql.

Continue reading How does stored procedure prevents SQL injection?→

HIPAA requirements for local server

Posted on September 6, 2014 by CampSoup1988

I am looking to create a ePHI database for a small physical therapy office and I would like some advice on some of the security that I will need to implement.
Most computers will most likely have no internet access, except for doing schedu… Continue reading HIPAA requirements for local server→

System that manages real money

Posted on June 16, 2014 by Alec

I am working on a project that incorporates real money into peoples accounts. Their accounts are stored in a MySQL database and inside it there is a column called “BALANCE”.

When the users send money through PayPal, the PayP… Continue reading System that manages real money→

Should I obscure database primary keys (IDs) in application front end?

Posted on April 22, 2014 by Pruthvi Raj Nadimpalli

I’m working on an application which allows a moderator to edit information of user.
So, at the moment, I have URL’s like

http://www.example.com/user/1/edit
http://www.example.com/user/2/edit

I’m a bit worried here, as I’m directly expos… Continue reading Should I obscure database primary keys (IDs) in application front end?→

Uploading Shell Using SQLI

Posted on October 31, 2013 by Ahmed Taher

I found an SQL injection vulnerability in a Wordpress installation inside one of my lab machines and I am trying to leverage it to upload a shell.

I can get the admin hash but it seems that it is quite complex as JTR and HAS… Continue reading Uploading Shell Using SQLI→

How to get the output of a SQL injection?

Posted on October 9, 2013 by Jack Owen

This is just for learning purpose. I want to get all the usernames and passwords from a table in a MySQL server, where “magic quotes” have been disable.
In the input for the username: I put something like:

username’; SELECT … Continue reading How to get the output of a SQL injection?→

How to get the output of a SQL injection?

Posted on October 9, 2013 by Jack Owen

username’; SELECT * FROM users;
… Continue reading How to get the output of a SQL injection?→

Is it possible to do SQL injection (HIGH Level) on Damn Vulnerable Web App?

Posted on October 3, 2013 by Guillaume Néry

I searched all over google to see how it would be possible to bypass the following (it’s from the high level of security from DVWA):

<?php

if (isset($_GET[‘Submit’])) {

// Retrieve data

$id = $_GET[‘id’];
$id = stripslashes($id)… Continue reading Is it possible to do SQL injection (HIGH Level) on Damn Vulnerable Web App?→

Issues setting up DVWA for SQLMAP [closed]

Posted on September 28, 2013 by XcutionX

I am starting on sqlmap, and have dvwa for practicing web app penetration.
I am having the error "Could not connect to the database – please check the config file."
Not sure what the problem is but I have been searching. Nothing … Continue reading Issues setting up DVWA for SQLMAP [closed]→