Feel like messing up some poor administrators day

google the following 'inurl:select inurl:where inurl:%20'
and watch all the evil SQL sqlurls come out.




All the more reason to use cfqueryparam

Posted on: Apr 24, 2008 | 4 Comments | Categories: Adobe

Comments

1
Joshua
Joshua wrote on 04/24/08 9:20 AM

OMG. I know I shouldn't be surprised any more... but OMG.

2
Andy Matthews
Andy Matthews wrote on 04/24/08 10:08 AM

Am I missing something? Are you just talking about all of the links to delete statements in PhpMyAdmin?

3
Joshua
Joshua wrote on 04/24/08 10:10 AM

Plus the full SQL statements via URL params.

4
John
John wrote on 04/24/08 10:11 AM

If you filter through those you will see a lot of government sites that are open for sql injection attacks

Write your comment

(it will not be displayed)