"How much a Sql Injection is a hard vulnerability? It is supposed to be a way of gaining server side informations, execution of arbitrary commands, gaining of admin privileges in a web based forum and so on.. In short SQL Injection is supposed to be a server side vulnerability but sometimes it could be a client side one too.
Public and home-made CMS (Content Management System) are widely used on web servers, for a lot of reasons; one reason for all is text and URLs indexing and retrieving. This paper addresses a couple of alternative ways of using SQL Injection.
Let's suppose we are the developers of a CMS (Content Management System) and this CMS was used by a bank... Let's suppose we accidentally left a SQL Injection vulnerability on a page.
But wait! No problem! We created a user with no file permissions and so on, no sensitive information on the database, no web forum and nothing left on the server... It may still remain some problems..."
**Hidden Content: To see this hidden content your post count must be 20 or greater.**