Content deleted Content added
Added citation needed. Previous citation was a self-published source. |
|||
Line 124:
==Examples==
* in September 1995, Andrew Plato, a technical writer for Microsoft discovered that he could send SQL queries through URL string of an early e-commerce site and directly query the database (SQL Server 6.0). Unaware of what this meant, Plato approached developers who dismissed the issue as irrelevant. <ref>{{
* In February 2002, Jeremiah Jacks discovered that Guess.com was vulnerable to an SQL injection attack, permitting anyone able to construct a properly-crafted URL to pull down 200,000+ names, credit card numbers and expiration dates in the site's customer database.<ref>{{cite web|url=http://www.securityfocus.com/news/346|title=Guesswork Plagues Web Hole Reporting|publisher=[[SecurityFocus]]|date=March 6, 2002}}</ref>
* On November 1, 2005, a teenage hacker used SQL injection to break into the site of a [[Taiwan]]ese information security magazine from the Tech Target group and steal customers' information.<ref>{{cite web|url=http://www.xiom.com/whid-2005-46|title=WHID 2005-46: Teen uses SQL injection to break to a security magazine web site|publisher=[[Web Application Security Consortium]]|date=November 1, 2005|accessdate=December 1, 2009}}</ref>
| |||