Sign in to follow this  
Followers 0
TT1TTONE

SQL-injection

4 posts in this topic

Hi!

I'm new to this board and even newer to this topic, so please bare with me.

Lets say that you were running a forum with n-amount of members. The forum software had a security flaw that someone exploited by injecting SQL-queries into a badly designed form, thus getting over some sensitive data. And lets say that you had caught this someone's IP-address while he was doing so - how would/should you proceed from there on?

Most likely, he was behind some sort of proxy. Would that make any work to trace him pointless?

0

Share this post


Link to post
Share on other sites

You could try for a warrant to get the records of the proxy and try to follow the breadcrumbs home.

0

Share this post


Link to post
Share on other sites

I would patch the hole, inform the parties affected by the breach, and enact preventative measures to mitigate further exploitation.

0

Share this post


Link to post
Share on other sites

I would patch the hole, inform the parties affected by the breach, and enact preventative measures to mitigate further exploitation.

This. Most definitely this.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0