Farscan Blog Topics

Security Audit tool of the month: sqlmap

One of the most common and dangerous web application vulnerabilities revolves around unsafe handling of SQL (Structured Query Language) in applications. SQL injection is a type of security exploit in which the attacker inserts SQL code into a Web form input box to gain access to resources or make changes to data.

A successful SQL injection allows an attacker not only to steal data from a database, but also to modify and/or delete it. Certain SQL servers may also contain stored and extended procedures (database server functions). If an attacker can gain access to these procedures, it may be possible to compromise the entire system and, through it, access other systems on the network.

Testing for SQL injection vulnerabilities is often a tedious and labor-intensive process. sqlmap is a powerful tool that aids in this testing process. Currently at version 0.7 release candidate 1, sqlmap is a command-line automatic SQL injection tool developed in Python.

Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to retrieve remote DBMS databases, user names, tables and columns, enumerate the entire DBMS, read system files and much more, taking advantage of the web application programming flaws that lead to SQL injection vulnerabilities.

sqlmap implements multiple techniques to detect and exploit a SQL injection vulnerability:

  • Inferential blind SQL injection, also known as boolean-based blind SQL injection
  • UNION query (inband) SQL injection, also known as full UNION query SQL injection
  • Batched (stacked) queries support, also known as multiple statements support

In addition to the common input sources, the tool can also test cookies. Since many applications store their session information in a cookie, testing cookie values is standard practice in SQL injection testing, yet one that penetration tests often overlook.

sqlmap excels more at exploiting an identified SQL injection vulnerability than at finding one. Even with its high degree of automation, identifying vulnerabilities still takes some time and requires some knowledge of SQL injection techniques.

The latest version of sqlmap is available at SourceForge. For information on preventing SQL injection vulnerabilities, refer to this cheat sheet.
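To make the vulnerability class concrete, here is an added example (not code from the original post or from sqlmap) showing a session-cookie lookup written the injectable way beside its parameterized form, against a constructed in-memory SQLite table. The tautology input is the kind of true/false probe that the boolean-based technique above relies on; the hardened lookup returns nothing for it.

```python
import sqlite3

# Constructed sample data (not from the original post): a sessions table
# keyed by the value an application would read back from a session cookie.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sessions (token TEXT, username TEXT)")
    conn.executemany("INSERT INTO sessions VALUES (?, ?)",
                     [("abc123", "alice"), ("def456", "bob")])
    return conn

def user_for_cookie_vulnerable(conn, cookie):
    # Vulnerable: the cookie value is concatenated into the SQL text, so a
    # quote inside the cookie closes the literal and the rest is parsed as SQL.
    sql = "SELECT username FROM sessions WHERE token = '" + cookie + "'"
    return [row[0] for row in conn.execute(sql)]

def user_for_cookie_safe(conn, cookie):
    # Hardened: the cookie travels as a bound parameter. The driver never
    # interprets its contents as SQL, so the same input simply matches no row.
    sql = "SELECT username FROM sessions WHERE token = ?"
    return [row[0] for row in conn.execute(sql, (cookie,))]

def compare(cookie):
    # Run one cookie value through both lookups so the difference is visible.
    conn = make_db()
    return {"vulnerable": user_for_cookie_vulnerable(conn, cookie),
            "safe": user_for_cookie_safe(conn, cookie)}

if __name__ == "__main__":
    print(compare("abc123"))        # both lookups return ['alice']
    print(compare("x' OR '1'='1"))  # only the vulnerable lookup returns every user
```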

Success in Internet Marketing:

Internet Marketing is probably the most effective and easiest way to make your product a great success globally. However, a number of companies have not realized the potential of Internet Marketing and are yet to tap the potential of the Internet to market their products and services. Success in Internet Marketing is relatively easy to achieve when compared to other modes of advertising, provided it is approached systematically and implemented in a planned, phased manner.

With the number of tools available on the net, it is possible today to test and measure the effectiveness, and hence the success or failure, of your Internet marketing campaigns, fine-tune them for greater success and attain a greater ROI (Return on Investment).

The following are the essential ingredients for one to succeed on the Internet.

  1. A Good Product/Service
  2. A Search Engine Friendly Website that describes your product/services professionally
  3. An Effective Online Marketing Campaign
  4. An Efficient Testing and Tracking Mechanism by which you can test and track the effectiveness of your campaigns

Each of the above four disciplines is a huge subject in itself, and I plan to talk about each one of them separately in my next few posts.

Half my advertising budget is wasted. Trouble is, I don’t know which half.

said American retailer John Wanamaker. With the availability of a number of tools that help you measure and test the effectiveness of your Internet marketing campaigns, it can safely be said that the battle is half won.

Resolving WordPress memory exhaustion

Here are some tips for curing the memory allocation errors WordPress users may see from various modules when they try to edit, preview or publish a post.

“Fatal error: Allowed memory size of 16777216 bytes exhausted (tried to allocate 500001 bytes)…..”

PHP's memory allocation can be increased in several ways.

1. The server-wide PHP memory limit can be increased via php.ini or similar; this requires your hosting service partner's help.
2. Easier solutions are to either

a. add the line php_value memory_limit 32M to your .htaccess file, or

b. add the line define('WP_MEMORY_LIMIT', '32M'); to the wp-config.php file in your WordPress installation folder.

Note: .htaccess, if it exists (in your root Web folder), is usually hidden. You may need to turn on the "show hidden files" option in your FTP client to see it.

WordPress Upload Issue resolution

Finally, WordPress is installed and almost all plug-ins are up. Trying to post an image threw up a cryptic error message:

“The uploaded file could not be moved to…”

Looks like the default installation path for "Store uploads in this folder" is set to "wp-content". Here's what is needed to fix this:

  • Change the value from "wp-content" to "wp-content/upLoads"
  • Create a directory called "upLoads" under the directory "wp-content". Note that the folder names are case sensitive.
  • Assign world 'Read/Write/Execute' permission (i.e. 0777) to the new directory. 0666 (just Read/Write) doesn't seem to cut it.

That should do it.
