Video Demonstration of a simple, yet effective, SQL Injection Attack
Just came across a video on YouTube that has a very simple demonstration of a SQL injection attack. It demonstrates just how easy it is to get past JavaScript authentication control and how easy it is to inject SQL into a site once you take control of the web form.
Granted, this was a .NET site, and this hack would not work in modern versions of ColdFusion (unless the password was numeric or the developer was using PreserveSingleQuotes()), but it is food for thought about how easily sites can be hacked with simple techniques that even the script kiddies can deploy easily.
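The ColdFusion caveat above, as an added example (not from the original post or the video): a Python/sqlite3 model in which `escape_quotes` stands in for ColdFusion's automatic single-quote escaping (an assumption, modeled as quote doubling). It shows why a quoted field holds, why an unquoted numeric field or switched-off escaping does not, and that parameter binding, which ColdFusion exposes as `<cfqueryparam>`, covers both cases. The table, function names and inputs are constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data: one account with a numeric password.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, pin INTEGER)")
    db.execute("INSERT INTO users VALUES ('alice', 4821)")
    return db

def escape_quotes(value):
    # Assumption: automatic single-quote escaping modeled as quote doubling.
    return value.replace("'", "''")

def _matches(db, sql, params=()):
    return db.execute(sql, params).fetchone()[0] > 0

def login_quoted(db, name, pin):
    # Escaped value inside a quoted literal: it cannot close the literal.
    sql = ("SELECT COUNT(*) FROM users WHERE name = '%s' AND pin = '%s'"
           % (escape_quotes(name), escape_quotes(pin)))
    return _matches(db, sql)

def login_numeric(db, name, pin):
    # Unquoted numeric field: the input needs no quote to alter the query,
    # so quote escaping gives no protection here.
    sql = ("SELECT COUNT(*) FROM users WHERE name = '%s' AND pin = %s"
           % (escape_quotes(name), escape_quotes(pin)))
    return _matches(db, sql)

def login_preserved(db, name, pin):
    # Models PreserveSingleQuotes(): escaping is switched off.
    sql = ("SELECT COUNT(*) FROM users WHERE name = '%s' AND pin = '%s'"
           % (name, pin))
    return _matches(db, sql)

def login_bound(db, name, pin):
    # Hardened form: values are bound, never spliced into the SQL text.
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND pin = ?"
    return _matches(db, sql, (name, pin))

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: the valid password and two non-matching strings.
    for pin in ("4821", "0 OR 1=1", "' OR '1'='1"):
        for fn in (login_quoted, login_numeric, login_preserved, login_bound):
            print(repr(pin), fn.__name__, fn(db, "alice", pin))
```

Only `login_bound` rejects every non-matching input while still accepting the real password; the numeric field should additionally be validated as a number on the server before it reaches the query.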
Would have saved him some of this work anyway - (the validation anyway)
happy hacking