By mhenke
via coldfusionmuse.com
Published: Jul 19 2008 / 03:59

Back in February I wrote a blog post on SQL Injection that included an example of how a malicious user might inject into a character field even though ColdFusion escapes single quote marks. The attack involved other forms of escaping single quotes - and was effective against MySQL. This week I stumbled upon (more like a train wreck) an attack that is much more sophisticated - and also involves injection into a character field. I am told.....

Comments


ivo_danihelka replied ago:


I read something similar... 5 years ago!
