I tried to look at a webpage, typoed the domain name, and got

   select chrOrgType from tblOrgName where chrOrgName='The Rodents' Nest'
   limit 1You have an error in your SQL syntax; check the manual that
   corresponds to your MySQL server version for the right syntax to use
   near 'Nest' limit 1' at line 1

Guess who's vulnerable to an SQL injection attack!  (I must admit a
temptation to take a leaf from xkcd #327 and change my org name to
"xyz'; DROP TABLE tblOrgName; --" and hit the page again, but between
the effort involved and the fundamental ethical issues with vandalizing
even a typosquatter's system, didn't.)

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                [email protected]
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
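
The failure in the error message above, reproduced beside its fix, as an added example that is not part of the original post or the site's code. It assumes SQLite as a stand-in for the site's MySQL, reuses the table and column names from the error text, and uses a constructed row value and hypothetical function names.

```python
import sqlite3

def make_db():
    # Constructed stand-in: SQLite in memory instead of the site's MySQL;
    # table and column names are the ones visible in the error message.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tblOrgName (chrOrgName TEXT, chrOrgType TEXT)")
    db.execute("INSERT INTO tblOrgName VALUES (?, ?)",
               ("The Rodents' Nest", "constructed-type"))
    return db

def lookup_concatenated(db, org_name):
    # Pattern implied by the error page: input pasted into the SQL text,
    # so the apostrophe in the name ends the string literal early.
    sql = ("select chrOrgType from tblOrgName where chrOrgName='"
           + org_name + "' limit 1")
    return db.execute(sql).fetchone()

def lookup_parameterized(db, org_name):
    # Hardened form: the name is bound as data and never parsed as SQL.
    sql = "select chrOrgType from tblOrgName where chrOrgName = ? limit 1"
    return db.execute(sql, (org_name,)).fetchone()

def table_exists(db):
    row = db.execute("select count(*) from sqlite_master "
                     "where type = 'table' and name = 'tblOrgName'").fetchone()
    return row[0] == 1

def concatenated_breaks(db, org_name):
    # True when the string-built query fails to parse for this input.
    try:
        lookup_concatenated(db, org_name)
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    print(concatenated_breaks(db, "The Rodents' Nest"))  # apostrophe breaks parsing
    print(lookup_parameterized(db, "The Rodents' Nest"))
    print(lookup_parameterized(db, "xyz'; DROP TABLE tblOrgName; --"))
    print(table_exists(db))
```

With the bound parameter, both the apostrophe and the quoted org name from the post are compared as plain strings, and the table is untouched afterwards.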
