Full Disclosure mailing list archives

Re: Cookie based SQL Injection

From: Benji <me () b3nji com>
Date: Tue, 6 Mar 2012 22:48:53 +0000

Yes, because this is incredibly new.

On Tue, Mar 6, 2012 at 8:54 PM, Zach C. <fxchip () gmail com> wrote:

Even so, watch all the advisories pour in now for "cookie-based SQL
injection." :/
On Mar 6, 2012 12:44 PM, <Valdis.Kletnieks () vt edu> wrote:

On Tue, 06 Mar 2012 14:28:51 CST, Adam Behnke said:

Unlike other parameters, cookies are not supposed to be handled by

users.

Any site that designs its security model around that concept will get what
it richly deserves.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Cookie based SQL Injection Adam Behnke (Mar 06)
- Re: Cookie based SQL Injection Valdis . Kletnieks (Mar 06)
  - Re: Cookie based SQL Injection Zach C. (Mar 06)
    - Re: Cookie based SQL Injection Benji (Mar 06)