Explore Videos MSDN eNews Social
Windows
Web
Phone
Cloud
Visual Studio
Security
ALM
Breakpoint
Canada Does Windows Azure
More
The latest on developer tools and technologies you care about.

Sign Up
Latest Editions
Previous Editions  
Stay connected through on your favourite social network.

Twitter
Facebook
LinkedIn

SQL Injection and the “Flintstones/Jetsons” Way to Deal with Licence Plate Cameras

SQL Injection and the “Flintstones/Jetsons” Way to Deal with Licence Plate Cameras

  • Comments 1

Renault with a banner across its bumper reading "ZU 0666', 0, 0); DROP DATABASE TABLE LICENCE;"Click the photo to see it at full size.

“Flintstones/Jetsons” is a term that Mark Mothersbaugh from Devo uses to describe technology solutions that are a combination of low- and high-tech. It’s probably an apt term for what the driver of the Renault in the photo above is doing to foil licence plate cameras. If the “Jetsons” part – the SQL injection attack comprising the text on the banner on the bumper – doesn’t work, the “Flintstones” approach of physically covering up the licence plate will.

SQL Injection-a-Rama

No quick tour of SQL injection is complete without mentioning this classic XKCD comic, Exploits of a Mom. If you’ve ever heard someone use the phrase “Little Bobby Tables” when talking about databases and security, here’s where it comes from:

The classic "Little Bobby Tables" XKCD comic.

 

"SQL" with a syringe sticking through it

Want a good introduction to SQL injection attacks? Start with SQL Injection Attacks by Example at Steve Friedl’s Unixwiz.net Tech Tips. It walks you through the steps of an SQL injection attack, where a cracker (note that I said “cracker” – there are hackers and crackers, and there’s a difference) uses a combination of deductive reasoning and unexpected, unsanitized input to get unintended results from the database.

Also worth checking out:

 

Here’s an enjoyable presentation by Joe McCray on Advanced SQL Injection, which he gave at the 2009 LayerOne conference. He likes to drop the “f-bomb” and “s-bomb” every now and again while presenting, but if you don’t mind a little salty language, it’s a good security talk:

(You can download the slides from Joe’s presentation in PDF format here.)

This article also appears in Global Nerdy.

Leave a Comment
  • Please add 7 and 8 and type the answer here:
  • Post
  • Thanks for sharing it here i looking forward for your next placement

Page 1 of 1 (1 items)