[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re: MULTIPLE REMOTE SQL INJECTION VULNERABILITIES---MIM:InfiniX v1.2.003--->

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Re: MULTIPLE REMOTE SQL INJECTION VULNERABILITIES---MIM:InfiniX v1.2.003--->
From: y3nh4ck3r@xxxxxxxxx
Date: Thu, 14 May 2009 11:16:54 -0600

I said him this. But he wants to solve on this way.
After publishing, I checked the fixing and I notified him again.

Is as difficult to include mysql_real_escape_string, addslashes, etc? 

If you want security, your app mustn't depend on Magic quotes...

Prev by Date: Re: Insufficient Authentication vulnerability in Asus notebook
Next by Date: Re: Insufficient Authentication vulnerability in Asus notebook
Previous by thread: Re: MULTIPLE REMOTE SQL INJECTION VULNERABILITIES---MIM:InfiniX v1.2.003--->
Next by thread: [security bulletin] HPSBMA02417 SSRT090031 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code
Index(es):
- Date
- Thread