[ OWASP - Montreal ] Does all sql injection vuln. leads to exploitation?

gueb at owasp.org gueb at owasp.org
Mon Apr 6 22:30:34 EDT 2009


Sorry guys, I forgot a couple of details to clarify my question :)

- My question was more on the attacker point of view, not the victim
- I am also considering that the victim is not a secure mind sysadmin, so
everything is running under root, and database running with admin
privileges.
- So the door is wide open

With those conditions, you are in front of a SQL injection vuln, with no
monitoring to block you, no IPS, no problem :

- Every minute spent is an investment? Be patient, analyse, you will find a
way to exploit the vulnerability?


2009/4/6 gueb2009 <gueb2009 at gmail.com>

> Sorry guys, I forgot a couple of details to clarify my question :)
>
> - My question was more on the attacker point of view, not the victim
> - I am also considering that the victim is not a secure mind sysadmin, so
> everything is running under root, and database running with admin
> privileges.
> - So the door is wide open
>
> With those conditions, you are in front of a SQL injection vuln, with no
> monitoring to block you, no IPS, no problem :
>
> - Every minute spent is an investment? Be patient, analyse, you will find a
> way to exploit the vulnerability?
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-montreal/attachments/20090406/a6692095/attachment.html 


More information about the Owasp-montreal mailing list