Re: is JSP&servlet web app SQL Injection Free?



salamond wrote:
Hi, all.

I'm new to pen-testing.

Just finished my tour with a couple of tools:
webscarab
sqlmap
ratproxy

But it shows OK for every page that I've been through.

I went through a couple of SQL Injection tutorials, and most of them
are focusing on php or asp pages.

So here's my question, it may sound stupid, but
is there no SQL Injection problems in JSP&Java servlet web app?

Sure. However, there are no practical differences between not sanitizing
input on PHP/ASP and not sanitizing input on JSP/Perl/Ruby/whatever.

Most of the differences are to do with the backend SQL engine, not the
active content language.
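To make the point above concrete, here is an added example that is not part of the original thread. It uses Python's standard-library sqlite3 module because it runs with no setup; the two query-building styles it contrasts map one-to-one onto a servlet doing `Statement.executeQuery("... '" + param + "'")` versus `PreparedStatement` with `?` placeholders. The users table, the credentials and the test inputs are all constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample database with one user row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL text by concatenation, so request input becomes SQL.

    This is the same defect whether the surrounding code is PHP, ASP or a
    Java servlet: the language in front of the database does not matter.
    """
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, username, password):
    """Binds input as parameters; the driver never treats it as SQL syntax.

    Equivalent in Java: PreparedStatement with '?' markers and setString().
    """
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def compare(username, password):
    """Runs the same input through both versions and reports the outcomes."""
    conn = make_db()
    try:
        return {
            "vulnerable": login_vulnerable(conn, username, password),
            "safe": login_safe(conn, username, password),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    # Legitimate credentials: both versions accept them.
    print(compare("alice", "s3cret"))
    # A password that closes the quote: only the concatenated version
    # lets it through, because the text is parsed as SQL.
    print(compare("alice", "' OR '1'='1"))
```

The quoting rules that decide exactly which input breaks out of the string literal are a property of the backend engine (SQLite here, MySQL or Oracle behind a typical JSP app), which is why the reply says the differences lie in the SQL engine rather than in the page language. Parameter binding sidesteps that question entirely, so it is the fix to look for in a code review regardless of language.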


