So there's the question. Can someone provide an example of a working sql injection attack?
> -----Original Message----- > From: Jochem van Dieten [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 23, 2006 2:05 PM > To: CF-Talk > Subject: Re: coldfusion sql injection > > Russ wrote: > > The string is also autoescaped even if you don't use cfqueryparam... at > > least on SQL server. Is it not with other DB systems? > > It is. But that is not enough. > > Jochem > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:250765 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
