Comments on Interfete 4 Web - Carcoteala zilnica despre interfete web: "SQL injectors and best practices in web interfaces. Example: curs.cs.pub.ro" (feed updated 2023-09-08T18:57:49+03:00, 5 comments)

Anonymous, 2008-11-08 12:14 (+02:00):
You'll get it.... =)) part of it has been made public on a forum... :D

Dragos (https://www.blogger.com/profile/02629367224471092706), 2008-11-08 01:04 (+02:00):
@Parazitu
You're right. :)
I found something like this as a comment in the HTML source on evz.ro:

 SELECT a.id_article, a.title, a.description, a.status, a.teaser, a.date, a.id_category FROM `articles_has_positions` ap, articles a WHERE ap.id_article = a.id_article AND a.code & 1 AND ap.id_position = '1'AND ap.date between '2008-11-08 00:00:00' AND '2008-11-08 23:59:59' AND a.active = '1' ORDER BY ap.date DESC LIMIT 1

Which gives a hint that, if no character validation is done in the database itself, an SQL injection would in principle be possible. On top of that, it tells us how amateurish the wonderful programmers who wrote the site are.

If you come up with a demonstration of a successful attack (privately, though), you get a beer from me (or even several).

Anonymous, 2008-11-07 23:32 (+02:00):
I also saw how SQL injection is being tested on the Evenimentul Zilei site... which, above all, if you did "view page source", you could see all the database queries as comments, and they were working ones too... =)) Honestly, I don't know what kind of programmer would do such a thing... leaving all the queries within anyone's reach... and on a fairly well-visited site, I might add... The conclusion: not everyone is a programmer... many are playing for big money in programming...

Dragos (https://www.blogger.com/profile/02629367224471092706), 2008-11-07 23:11 (+02:00):
I added it to the article. It is about http://web-volution.blogspot.com/2008/11/interfete-web-care-inghit-orice.html.

Anonymous, 2008-11-07 23:03 (+02:00):
Where did you see the original article?
Not for any other reason, but it's nice to cite the source too.