Gentlemen:
I found this information on the Microsoft site; there are several topics whose content is free.
http://www.microsoft.com/latam/entrenamiento/desarrolladores/default.mspx
Three kinds of people are unhappy: the one who does not know and does not ask, the one who knows and does not teach, and the one who teaches and does not act
1 comment:
Gentlemen:
One of the topics covered is SQL Injection
Review
Question 1
What are some of the exploits that are provided by a SQL injection attack?
A) The opportunity to explore the design of the database
B) The opportunity to call system stored procedures
C) The opportunity to shut down services
D) All the above exploits
Answer D is correct. All the exploits identified are possible through SQL injection attacks. Through the use of the default Open Database Connectivity (ODBC)/OLEDB error message resulting from an SQL injection attack, a hacker has the ability to investigate the design of a database, allowing the hacker to perform more focused attacks. By appending the appropriate SQL statements in an SQL injection attack, the hacker can call system-stored procedures. Finally, using these system-stored procedures, the hacker has the ability to call operating system level functions using the XP_CMDSHELL stored procedures, giving them the ability to shut down services.
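The review answer above names two things a defender controls: SQL built from user input, and database error text returned to the client. The following is an added example, not part of the original post or of the Microsoft course material, showing the concatenated anti-pattern beside a parameterized lookup that logs errors server-side. It assumes Python's sqlite3 as a stand-in for the database server; the table, function names and inputs are hypothetical and constructed.

```python
import logging
import sqlite3

log = logging.getLogger("app.db")

def make_db():
    """Constructed sample data; sqlite3 stands in for the real database server."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO customers (name) VALUES (?)",
                   [("Alice",), ("O'Brien",), ("Carol",)])
    return db

def find_vulnerable(db, name):
    """Anti-pattern: input is concatenated into SQL and driver errors reach the caller."""
    sql = "SELECT id, name FROM customers WHERE name = '" + name + "'"
    try:
        return {"rows": db.execute(sql).fetchall()}
    except sqlite3.Error as exc:
        return {"error": str(exc)}  # leaks parser/schema details to the client

def find_hardened(db, name):
    """Input is bound as a parameter; failures are logged, the client gets a generic message."""
    try:
        rows = db.execute("SELECT id, name FROM customers WHERE name = ?",
                          (name,)).fetchall()
        return {"rows": rows}
    except sqlite3.Error:
        log.exception("customer lookup failed")  # detail stays on the server
        return {"error": "Request could not be processed."}

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a legitimate name containing a quote, and a value
    # that changes the WHERE clause when concatenated.
    for value in ("O'Brien", "x' OR '1'='1"):
        print(repr(value))
        print("  concatenated: ", find_vulnerable(db, value))
        print("  parameterized:", find_hardened(db, value))
```

The third item in the answer, operating-system access through stored procedures, is addressed outside application code by running the application's database login with the fewest privileges it needs.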