Apr 24 2008

Feel like messing up some poor administrator's day

Posted by john at 8:50 AM
4 comments
- Categories: Adobe

Google the following: 'inurl:select inurl:where inurl:%20'
and watch all the evil SQL URLs come out.

All the more reason to use cfqueryparam.
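
What using cfqueryparam looks like in practice, as an added example that is not code from the original post. The datasource `exampleDsn`, the `users` table and its columns, and the URL parameter names are all assumptions made for illustration.

```cfml
<!--- Added example. Datasource, table, column and URL parameter names are assumed. --->
<cfparam name="url.id" default="0">
<cfparam name="url.status" default="active">
<cfparam name="url.sort" default="name">

<!---
  Weak pattern (kept inside a comment so it never runs): URL text becomes SQL text.
  <cfquery name="qWeak" datasource="exampleDsn">
      SELECT id, name FROM users WHERE id = #url.id#
  </cfquery>
--->

<!--- Column names cannot be bound as parameters, so ORDER BY uses an allowlist. --->
<cfset allowedSort = "id,name,created_at">
<cfset sortIdx = listFindNoCase(allowedSort, url.sort)>
<cfset sortCol = "name">
<cfif sortIdx GT 0>
    <!--- Take the name from the allowlist itself, never from the request. --->
    <cfset sortCol = listGetAt(allowedSort, sortIdx)>
</cfif>

<cftry>
    <cfquery name="qUsers" datasource="exampleDsn">
        SELECT id, name, status
        FROM users
        WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
          AND status = <cfqueryparam value="#url.status#" cfsqltype="cf_sql_varchar" maxlength="20">
        ORDER BY #sortCol#
    </cfquery>
    <cfcatch type="any">
        <!--- A value that fails cfqueryparam's type or length check, or a
              database error, ends up here. Return a generic 400 and no detail. --->
        <cfheader statuscode="400" statustext="Bad Request">
        <cfabort>
    </cfcatch>
</cftry>

<cfoutput query="qUsers">
    #htmlEditFormat(name)# (#htmlEditFormat(status)#)<br>
</cfoutput>
```

The request supplies only values, which are bound and type-checked; the SQL text itself is fixed in the template and never arrives through the URL.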

Comments

Joshua wrote on 04/24/08 9:20 AM

OMG. I know I shouldn't be surprised any more... but OMG.

Andy Matthews wrote on 04/24/08 10:08 AM

Am I missing something? Are you just talking about all of the links to delete statements in PhpMyAdmin?

Joshua wrote on 04/24/08 10:10 AM

Plus the full SQL statements via URL params.

John wrote on 04/24/08 10:11 AM

If you filter through those you will see a lot of government sites that are open for SQL injection attacks.
