By mhenke
via coldfusionmuse.com
Published: Jul 19 2008 / 03:59
Back in February I wrote a blog post on SQL Injection that included an example of how a malicious user might inject into a character field even though ColdFusion escapes single quote marks. The attack involved other forms of escaping single quotes - and was effective against MySQL. This week I stumbled upon (more like a train wreck) an attack that is much more sophisticated - and also involves injection into a character field. I am told.....
Comments
ivo_danihelka replied ago:
I read something similar... 5 years ago!