I have a testing trip coming up that involves a web application built using MS Access on the backend. I've just gotten Jusin Clarke's great book SQL Injection Attacks and Defense. There doesn't seem to be a treatise on SQL injection for MS Access, but there are some good sources. I know that Access doesn't support the ', so I'm working on other methods. Already, I have information on the application, and based on what I've discussed with the developers, the app has to be "injectable," it's just a matter of where. Some of the MS Access SQL Injection resources I've been going through include:
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment