Feel like messing up some poor administrator's day?

Google the following: 'inurl:select inurl:where inurl:%20'
and watch all the evil SQL URLs come out.




All the more reason to use cfqueryparam.
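To make the cfqueryparam point concrete, here is an added example (not code from the original post) showing the same query with the URL value concatenated into the SQL and then bound as a parameter. The datasource `appDSN`, the `articles` table and its columns, and the `category` and `sort` URL parameters are assumed names.

```cfml
<!--- Added example. Datasource "appDSN", table "articles", its columns and the
      url.category / url.sort parameters are assumed names, not from the post. --->
<cfparam name="url.category" default="0">
<cfparam name="url.sort" default="newest">

<!--- Weak: the URL value is concatenated into the SQL text, so the request
      decides what statement the database parses. --->
<cfquery name="qWeak" datasource="appDSN">
    SELECT id, title
    FROM articles
    WHERE category_id = #url.category#
</cfquery>

<!--- Hardened, step 1: reject anything that is not an integer before it
      reaches the database layer. --->
<cfif NOT isValid("integer", url.category)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>

<!--- Hardened, step 2: cfqueryparam binds values only. Column names and sort
      direction cannot be bound, so the URL carries a short token that is
      mapped to a fixed fragment; SQL text itself never travels in the URL. --->
<cfset sortMap = {
    "newest" = "created_at DESC",
    "oldest" = "created_at ASC",
    "title"  = "title ASC"
}>
<cfset orderBy = structKeyExists(sortMap, url.sort) ? sortMap[url.sort] : sortMap["newest"]>

<!--- Hardened, step 3: the value is sent as a typed bind parameter, separate
      from the statement text. --->
<cfquery name="qSafe" datasource="appDSN">
    SELECT id, title
    FROM articles
    WHERE category_id = <cfqueryparam value="#url.category#" cfsqltype="cf_sql_integer">
    ORDER BY #orderBy#
</cfquery>
```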

Comments

1
Joshua

OMG. I know I shouldn't be surprised any more... but OMG.

2
Andy Matthews

Am I missing something? Are you just talking about all of the links to delete statements in PhpMyAdmin?

3
Joshua

Plus the full SQL statements via URL params.

4
John

If you filter through those you will see a lot of government sites that are open for SQL injection attacks.
