ПРОЕКТЫ 


  АРХИВ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  СТАТЬИ 


  ПЕРСОНАЛЬНОЕ 


  ПРОГРАММЫ 



ПИШИТЕ
ПИСЬМА














     АРХИВ :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [WEB SECURITY] Re: SQL In the Request



;-) оказывается до сих пор бывает и такое судя по результатам гугла...

> -----Original Message-----
> From: Jeremiah Grossman [mailto:jeremiah@xxxxxxxxxxxxxxx] 
> Sent: Thursday, October 05, 2006 11:23 PM
> To: Web Security
> Subject: Re: [WEB SECURITY] Re: SQL In the Request
> 
> Yep, it happens:
> 
> inurl:"SQL Where" inurl:asp
> 
> http://www.google.com/search?hl=en&lr=&q=inurl%3A%22SQL+Where%
> 22+inurl 
> %3Aasp&btnG=Search
> 
> On Oct 5, 2006, at 8:35 AM, bryan allott wrote:
> 
> >
> > Just when i thought i had seen it all... -i come across a site which
> > passes in the following as part of the REQUEST..
> > yes, the SWF builds a request and sends it through to a php  
> > server... in
> > plain text.
> >
> > POST /flashsql.php?id=106 HTTP/1.1
> >
> > = QUERYSTRING ====
> > id=106
> >
> > = BODY ====
> > host=<HOSTNAME>
> > sql_=SELECT DISTINCT(movies.id), movies.name, filename FROM movies  
> > LEFT
> > JOIN groups_movies ON (movies.id = groups_movies.movie_id) LEFT JOIN
> > groups ON (groups.id = groups_movies.group_id) LEFT JOIN  
> > files_groups ON
> > (groups.id = files_groups.group_id) LEFT JOIN files ON (files.id =
> > files_groups.file_id) WHERE movies.id 
> IN(155,150,52,149,134,133,76)  
> > AND
> > files.file_type_id=9 ORDER BY movies.id
> > dat=sk_cms
> >
> > is there anyway that this can be "acceptable" ?
> >
> >
> >
> >



 




Copyright © Lexa Software, 1996-2009.