Monday, May 31, 2010

MS Access SQL Injection

I have a testing trip coming up that involves a web application built using MS Access on the backend.  I've just gotten Jusin Clarke's great book SQL Injection Attacks and Defense.  There doesn't seem to be a treatise on SQL injection for MS Access, but there are some good sources.  I know that Access doesn't support the ', so I'm working on other methods.  Already, I have information on the application, and based on what I've discussed with the developers, the app has to be "injectable," it's just a matter of where.  Some of the MS Access SQL Injection resources I've been going through include:

No comments:

Post a Comment