Posts tagged 'Cheat Sheet'

SQL Injection/XSS Cheat Sheet

Author: jon

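Cheat sheets have been very popular lately: crib notes that collect the commonly used things you ought to know (maybe you could also call them "lazy packs"?), printed out and propped up at the edge of the desk. But once you print more than two, you find there is no room left on the desk, which is a bit of a headache too.. XD

Today I happened to see an article unlike the other cheat sheets: SQL Injection Cheat Sheet. It lists the commonly used SQL injection methods, to show how dangerous SQL injection is (for MySQL, SQL Server, PostgreSQL, Oracle… and so on).

If you don't know what SQL injection is, you can read M$'s explanation: SQL Injection (資料隱碼) – the hacker's SQL fill-in-the-blank game and its applications… XD

While I'm at it, here are the cheat sheets I've collected: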


New Version of SQL Injection Cheat Sheet

Source: Ferruh Mavituna

Note from 鬼仔: I previously posted a SQL Injection Cheat Sheet.
The author has now updated it; the update history follows:
# 21/03/2007 – v1.2

* BENCHMARK() sample changed to avoid people DoSing their MySQL Servers
* More Formatting and Typo
* Descriptions for some MySQL Functions

# 30/03/2007 v1.3

* Niko pointed out PostgreSQL and PHP support stacked queries
* Bypassing


SQL Injection Cheat Sheet

Currently only for MySQL and Microsoft SQL Server. Most of the samples are not correct for every single situation. Most real-world environments may change because of parentheses, different code bases and SQL sentences.

Samples are provided to allow the reader to get a basic idea of a potential attack.
