Anatomy of a SQL Injection Attack

Trailrunner7 writes "SQL injection has become perhaps the most widely used technique for compromising Web applications, thanks to both its relative simplicity and high success rate. It's not often that outsiders get a look at the way these attacks work, but a well-known researcher is providing just that. Rafal Los showed a skeptical group of executives just how quickly he could compromise one of their sites using SQL injection, and in the process found that the site had already been hacked and was serving the Zeus Trojan to visitors." Los's original blog post has more and better illustrations, too.pa href="http://developers.slashdot.org/story/10/02/26/0542206/Anatomy-of-a-SQL-Injection-Attack?from=rss"img src="http://developers.slashdot.org/slashdot-it.pl?from=rssamp;op=imageamp;style=h0amp;sid=10/02/26/0542206"/aa href="http://www.facebook.com/sharer.php?u=http%3A%2F%2Fdevelopers.slashdot.org% 2Fstory%2F10%2F02%2F26%2F0542206%2FAnatomy-of-a-SQL-Injection-Attack" target="_blank" title="Share on Facebook"img src="http://a.fsdn.com/sd/facebook_icon_large.png"/a a href="http://twitter.com/home?status=Anatomy+of+a+SQL+Injection+Attack%3A+h ttp%3A%2F%2Fbit.ly%2FcMSudH" target="_blank" title="Share on Twitter"img src="http://a.fsdn.com/sd/twitter_icon_large.png"/a/ppa href="http://developers.slashdot.org/story/10/02/26/0542206/Anatomy-of-a-SQL-Injection-Attack?from=rss"Read more of this story/a at Slashdot./p pa href="http://feedads.g.doubleclick.net/~at/U1-kOX51PKfm-DaCzTUGYxaTlFs/0/da"img src="http://feedads.g.doubleclick.net/~at/U1-kOX51PKfm-DaCzTUGYxaTlFs/0/di" border="0" ismap="true"/img/abr/ a href="http://feedads.g.doubleclick.net/~at/U1-kOX51PKfm-DaCzTUGYxaTlFs/1/da"img src="http://feedads.g.doubleclick.net/~at/U1-kOX51PKfm-DaCzTUGYxaTlFs/1/di" border="0" ismap="true"/img/a/pimg src="http://feeds.feedburner.com/~r/Slashdot/slashdotDevelopers/~4/zDu4qvUpXto" height="1" width="1"/

More...