Home page logo

webappsec logo WebApp Sec mailing list archives

SQL Injection
From: Emanuele Zattin <emanuelez () mymachine mydomain com>
Date: Fri, 28 May 2004 09:17:44 +0200 (CEST)

Hello Everybody!
I recently found out that one of my websites suffered SQL injections like 

Login: a' OR 'a'='a
Password: a' OR 'a'='a

I solved the problem checking whether the logon or password variables 
contained the "'" char... is it safe enough? i checked around the net and 
found a recent paper from Imperva but it does not talk about single chars 
checking... i tried to ude different encodings but that string in UTF-8 is 
just the same... any hint?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]