I tried this kind of attack on a test page hooked up to a Access Database,
and could not get Access to drop the table. Does Access not recognize the
Drop Table SQL command?
Im also wonder what other SQL commands could be passed other than DROP that
could cause damage.
Im really glad this subject has come up.
At 05:42 PM 7/9/2001 -0400, you wrote:
>I think the script is a good first attempt and seems to address the URL
>hack threads previously that have gone around.
>
>so programatically (SQL wise) what else might one post in the string to
>pickup further data???... May the SQL gods speak...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
