WebApp Sec mailing list archives
SQL Injection
From: Emanuele Zattin <emanuelez () mymachine mydomain com>
Date: Fri, 28 May 2004 09:17:44 +0200 (CEST)
Hello Everybody! I recently found out that one of my websites suffered SQL injections like this: Login: a' OR 'a'='a Password: a' OR 'a'='a I solved the problem checking whether the logon or password variables contained the "'" char... is it safe enough? i checked around the net and found a recent paper from Imperva but it does not talk about single chars checking... i tried to ude different encodings but that string in UTF-8 is just the same... any hint?
Current thread:
- SQL Injection Emanuele Zattin (May 31)
- Re: SQL Injection windo (Jun 01)
- RE: SQL Injection V. Poddubniy (Jun 01)
- Re: SQL Injection Serg B. (Jun 01)
- Re: SQL Injection RSnake (Jun 01)
- Re: SQL Injection Paul (Jun 01)
- <Possible follow-ups>
- RE: SQL Injection Scovetta, Michael V (Jun 01)
- Re: SQL Injection David Cameron (Jun 02)
- RE: SQL Injection Imperva Application Defense Center (Jun 02)
- RE: SQL Injection stevenr (Jun 02)
- Re: SQL Injection Steven M. Christey (Jun 03)
(Thread continues...)