May 2011

SQL Injection and WAFs

Had a friend today test a site with multiple SQL injection points across the application. It was blind injection - no errors were being returned to the browser, but on a valid (true) statement you'd get content back, on a false statement and on an error you'd get nothing. One particular vulnerable page was quite basic (only one parameter, the result of which would display just one small text article), so we had a go at guessing the number of columns and the type of columns for a 'union select' injection.

Hacking an E-commerce Site - for fun or profit?

Having tested a number of e-commerce sites in recent times, I wanted to share some of the vulnerabilities encountered, and the reasons why someone would seek to exploit them. Recent high-profile hacks in the media have rightly made retailers sit up and take notice of security - whilst PCI DSS attempts to mandate a certain level of assurance, the risk of losing substantial amounts of money and seriously damaging reputation focuses the attention on security more than any overarching standard.