JSP and SQL Injection

From: vijay.upadhyaya@gmail.com
Date: Wed May 09 2007 - 17:12:13 EDT


Was wondering if SQL Injection will work on the web app using JSP.
I remember faintly that Java has some inbuilt checks on query break, but I am not too sure. Is there any way to bypass that?
Any pointers will be greatly appreciated.
Currently the user creation page for this application is taking input as ";" or " ' " or anything you input in the text box.
Wanted to confirm if it is vulnerable to SQL Injection.
Tried putting
x' or 'a'='a'
but the app did not come up with a syntax error, which means that there is a check for query break...
Let me know your views on the same.
Regards,
Vijay
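
An added example, not part of the original post: JDBC does not inspect concatenated query strings; input is kept from breaking the query only when it is bound through `PreparedStatement`, which the application has to use explicitly. The sketch below runs the string from the post through both patterns on a constructed `users` table; the class, method and table names are hypothetical, and an in-memory H2 JDBC driver on the classpath is assumed.

```java
import java.sql.*;

public class JspSqlInjectionDemo {
    // Pattern 1: input concatenated into the SQL text.
    // Quote characters in the input become part of the statement itself.
    static String createUserConcatenated(Connection c, String name) {
        String sql = "INSERT INTO users(name) VALUES ('" + name + "')";
        try (Statement st = c.createStatement()) {
            st.executeUpdate(sql);
            return "ok";
        } catch (SQLException e) {
            return "SQL error: " + e.getMessage();
        }
    }

    // Pattern 2: input bound as a parameter.
    // The driver sends the value as data; it is never parsed as SQL.
    static String createUserBound(Connection c, String name) {
        String sql = "INSERT INTO users(name) VALUES (?)";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, name);
            ps.executeUpdate();
            return "ok";
        } catch (SQLException e) {
            return "SQL error: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws SQLException {
        String input = "x' or 'a'='a'"; // the string tried in the post
        // Assumption: H2 in-memory database, used only so the demo runs offline.
        try (Connection c = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = c.createStatement()) {
                st.execute("CREATE TABLE users(name VARCHAR(64))"); // constructed table
            }
            System.out.println("concatenated: " + createUserConcatenated(c, input));
            System.out.println("bound:        " + createUserBound(c, input));
            // Show what was actually stored by the calls above.
            try (Statement st = c.createStatement();
                 ResultSet rs = st.executeQuery("SELECT name FROM users")) {
                while (rs.next()) {
                    System.out.println("stored row:   " + rs.getString(1));
                }
            }
        }
    }
}
```

With concatenation the quote characters reach the SQL parser; with binding the same string is stored unchanged as a user name and no SQL error is raised.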
