WebApp Sec mailing list archives
RE: SQL Injection
From: "WebAppSecurity [Technicalinfo.net]" <webappsec () technicalinfo net>
Date: Wed, 9 Jun 2004 20:09:30 +0100
There are many, many more possibilities for XSS than simply the <script> tag. Of course it depends on where the resulting string ends up, but simply replacing the <script> tag is *not* enough.
You may want to have a read of http://www.technicalinfo.net/papers/CSS.html, which goes into some of the alternative attack vectors - and can readily be ported across for SQL insertion... In fact any code insertion attack vectors.

Cheers,
Gunter
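The point made in the message above, as an added example that is not part of the original post: a filter that only deletes `<script>` tags is compared with encoding chosen for the place the string ends up. The function names, the context labels and the sample inputs are constructed for illustration, and `noop()` is a placeholder.

```python
import html
import json
import re

# The filter the post warns about: delete <script> tags and nothing else.
SCRIPT_TAG = re.compile(r"</?script\b[^>]*>", re.IGNORECASE)

def strip_script_tags(value: str) -> str:
    return SCRIPT_TAG.sub("", value)

def encode_html(value: str) -> str:
    """For element content and quoted attribute values: escape & < > " '."""
    return html.escape(value, quote=True)

def encode_js_string(value: str) -> str:
    """For a string literal inside a <script> block (assumed context).
    json.dumps quotes and escapes the string; <, > and & are additionally
    written as \\uXXXX so the HTML parser never sees them."""
    out = json.dumps(value)
    for ch in "<>&":
        out = out.replace(ch, "\\u%04x" % ord(ch))
    return out

ENCODERS = {"html_body": encode_html, "html_attr": encode_html,
            "js_string": encode_js_string}

def encode_for(context: str, value: str) -> str:
    # Fail closed: an unknown destination is an error, not a pass-through.
    if context not in ENCODERS:
        raise ValueError("no encoder for context %r" % context)
    return ENCODERS[context](value)

def has_raw_markup(value: str) -> bool:
    """True if HTML-significant characters remain unescaped in the output."""
    return any(ch in value for ch in "<>\"'")

# Constructed inputs; noop() is a placeholder, not a real function.
SAMPLES = [
    '<img src="x" onerror="noop()">',   # no <script> tag at all
    '" onfocus="noop()',                # closes a quoted attribute value
]

def compare():
    """Return (sample, filter leaves markup?, encoder leaves markup?) rows."""
    return [(s, has_raw_markup(strip_script_tags(s)),
             has_raw_markup(encode_for("html_attr", s))) for s in SAMPLES]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

Both samples pass through the tag filter unchanged, while the encoder leaves no character the HTML parser would treat as markup.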