I tried to look at a webpage, typoed the domain name, and got

select chrOrgType from tblOrgName where chrOrgName='The Rodents' Nest' limit 1You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Nest' limit 1' at line 1

Guess who's vulnerable to an SQL injection attack!

(I must admit a temptation to take a leaf from xkcd #327 and change my org name to "xyz'; DROP TABLE tblOrgName; --" and hit the page again, but between the effort involved and the fundamental ethical issues with vandalizing even a typosquatter's system, didn't.)

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                [email protected]
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
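
Added example, not part of the original post and not the site's code: the query shape from the error above, built by string concatenation and then with a bound parameter, plus a handler that keeps database errors off the page. Python's sqlite3 stands in for the MySQL server; the table contents and the function names make_db, lookup_concat, lookup_bound and handle are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data; sqlite3 stands in for the MySQL server in the post.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("create table tblOrgName (chrOrgName text, chrOrgType text)")
    db.execute("insert into tblOrgName values (?, ?)",
               ("The Rodents' Nest", "sample-type"))
    return db

def lookup_concat(db, name):
    # Before: the value is pasted into the SQL text, so a quote in the
    # name ends the string literal and the rest is parsed as SQL.
    sql = ("select chrOrgType from tblOrgName where chrOrgName='"
           + name + "' limit 1")
    return db.execute(sql).fetchone()

def lookup_bound(db, name):
    # After: the value travels as a bound parameter and is never parsed.
    sql = "select chrOrgType from tblOrgName where chrOrgName=? limit 1"
    return db.execute(sql, (name,)).fetchone()

def handle(db, name, lookup=lookup_bound):
    # Hypothetical request handler: a database error becomes a generic
    # 500 for the client, without the query text or the driver message.
    try:
        row = lookup(db, name)
    except sqlite3.Error:
        return 500, "internal error"
    if row is None:
        return 404, "unknown organisation"
    return 200, row[0]

if __name__ == "__main__":
    db = make_db()
    # The org name from the post breaks the concatenated query ...
    print(handle(db, "The Rodents' Nest", lookup_concat))
    # ... and is found once it is passed as a parameter.
    print(handle(db, "The Rodents' Nest"))
    # The string quoted in the post is just a name that matches no row.
    print(handle(db, "xyz'; DROP TABLE tblOrgName; --"))
    print(db.execute("select count(*) from tblOrgName").fetchone()[0])
```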
