SQL-Injection for dummies

History

Last time I wanted to log in to www.schulhomepage.de, something strange came to mind. There had been serious security troubles with the login of a school's website used to administer all pupils' marks and tests, and no one seemed to feel responsible for that, although we tried to persuade the webmaster to do something about it.

Trying something old with something new

I tested exactly the same issue on Schulhomepage's website. Although they are a portal for rating schools' websites, give information about creating a website and were built by a "professional" company, they made a critical mistake. I was able to log into people's accounts by guessing their passwords. It seemed to be very easy, because although everyone talks about the importance of an appropriate password, they seemed to be very unimaginative. I think I guessed 10 passwords just by thinking of school, pupils and computers.

So what?

As part of an unspoken convention, I immediately notified the owner of the site, who told me he would speak to his programmer. I hope so. Sometimes it could be so easy to avoid these big issues. But sometimes

Last, but not least

I hope SQL injection will finally find its way out of the web; hopefully this will someday become true.

Published by

Alexander Kammerer

Student, blogger, reader. Bloc Party and Bob Dylan enthusiast. Motto/aesthetic: "Beauty is freedom in appearance" - Friedrich Schiller

  • I accidentally deleted my Joomla files from the server. How do I install it and have it as it was?

  • alex94

    Your database should still be there. You would have to install your plugins again, but if you use the database you already have, at least your sites and articles are still there.