Nytro Posted February 27, 2012 Report Posted February 27, 2012 (edited) On Christmas day, 1998 Phrack 54 was issued. Phrack[1], is a “Hacker magazine written by the community, for the community”. It is an excellent source of technical security information and in this particular edition, 54, there was an article entitled “NT Web Technology Vulnerabilities” written by rfp – or rain forest puppy. Amongst other things this article described a number of attacks that employed SQL injection, though at no point is this term used in the article. rfp discusses IDC and ASP applications running on Microsoft’s Internet Information Server feeding into SQL Server 6.5. This article is the first real public outing of SQL injection – it just wasn’t called SQL injection at that time. That would come later. Next of note was a security advisory published by Allaire[2] on February the 4th 1999, a little over a month after rfp’s article. The security bulletin discusses the threat posed by “Multiple SQL Statements in Dynamic Queries”.Link: http://phrack.org/issues.html?issue=54&id=8#articleCititi, si nu uitati ca a fost scris in 1998... Edited February 27, 2012 by Nytro Quote
Ghett0 Posted February 27, 2012 Report Posted February 27, 2012 O informatie chiar interesanta, unu la mana.Doi la mana... pacat ca la un astfel de thread nu posteaza mai nimeni Quote
Nytro Posted February 27, 2012 Author Report Posted February 27, 2012 Nu e nevoie sa posteze, vreau doar sa citeasca, si sa realizeze ca dupa 13 ani de la aparitia acestui fenomen, au inceput sa apara persoane auto-intitulate "hackeri" doar pentru ca presupun ca inteleg aceasta tehnica.O sa postez diseara niste articole interesante, sa inteleaga lumea ca la capitolul SQLI suntem cu vreo 8 ani in urma... Quote
Skribul222 Posted February 27, 2012 Report Posted February 27, 2012 Nu e nevoie sa posteze, vreau doar sa citeasca, si sa realizeze ca dupa 13 ani de la aparitia acestui fenomen, au inceput sa apara persoane auto-intitulate "hackeri" doar pentru ca presupun ca inteleg aceasta tehnica.O sa postez diseara niste articole interesante, sa inteleaga lumea ca la capitolul SQLI suntem cu vreo 8 ani in urma... Nitro stii cum se zice, cand va venii sfarsitul lumii veniti la noi, suntem cu 50 de ani in urma. Quote
Paul4games Posted February 27, 2012 Report Posted February 27, 2012 Am citit articolul, stiam ca in phrack se gasesc o gramada de lucruri interesante dar de asta nu stiam.....oricum din cate puteti vedea pe aceea vreme securitate serverelor era de 100 de ori mai la pamant decat acum, atunci exploiturile 0day in windows erau ca ciupercile dupa ploaie..... Quote
Ghett0 Posted February 28, 2012 Report Posted February 28, 2012 Nitro stii cum se zice, cand va venii sfarsitul lumii veniti la noi, suntem cu 50 de ani in urma.Bun cliseul, dar e plin de script kiddies peste tot, nu doar in Romanica... comentam in legatura cu faptul ca a scazut setea propriu-zisa de cunoastere, mai peste tot. Quote
