Logging in MySQL

 Forensics, Fundamentals, Hacks, Research, Sql Injection, Tools  1 Response »
Oct 082012
 

Scope: This article demonstrates logging techniques in MySQL to uncover and analyze any mischief attempts done by (outside or inside) user focusing on specific areas in database. Getting Started: Following are the types of logs available in MySQL[1]. Log Type Information Written to Log Error log Problems encountered starting, running, or stopping mysqld General query log Established client connections and statements received from clients Binary log Statements that change data (also used for replication) Relay Read More…

SQL Injection in Stored Procedure & Preventing from the same

 Secure Coding, Sql Injection  No Responses »
Sep 302009
 

Following is the small example of creating a stored procedure. ==================================================================== CREATE PROC sp_login (@loginid nvarchar(25),@password nvarchar(25)) AS DECLARE @SQLString VARCHAR(500) DECLARE @loginid VARCHAR(64) DECLARE @password VARCHAR(64) /* Build the SQL string once.*/ SET @SQLString = ‘SELECT * from cust_users WHERE login_id = ‘+ ””+@loginid+”” + ‘AND password = ‘+ ””+@password+”” EXECUTE sp_executesql @SQLString