See Allaire Security bulletin ASB99-04 for an example:
http://www.allaire.com/handlers/index.cfm?ID=8728&Method=Full
Erki
----- Original Message -----
From: "Bert Dawson" <[EMAIL PROTECTED]>
To: "Fusebox" <[EMAIL PROTECTED]>
Sent: Thursday, October 19, 2000 6:25 PM
Subject: RE: Shell out some $ and start using STOMP, okay? (malicious SQL)
> What do you mean by "malicious" SQL?
> How would this work?
>
> Bert Dawson
>
> > -----Original Message-----
> > From: McCollough, Alan [mailto:[EMAIL PROTECTED]]
> > Sent: 19 October 2000 15:59
> > To: Fusebox
> > Subject: Shell out some $ and start using STOMP, okay?
> >
> <snip>
> >
> > The tool does a good job of looking at queries and pointing
> > out stuff like
> > changing any cf vars in a UPDATE/INSERT/DELETE query to
> > #VAL(foo)# so that
> > any malicious SQL gets translated into a 0. Never paid a ton
> > of attention to
> > that one either.
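
An added example (not part of the original thread, and not output of the STOMP tool) of the rewrite described in the quoted message, applied to a numeric key in a DELETE query. The datasource appDSN, the table items, the column item_id and the variable URL.id are assumptions made for illustration; the three queries are alternatives, not a sequence.

```cfml
<!--- Added example. appDSN, items, item_id and URL.id are hypothetical names. --->

<!--- 1. Before: the request variable is pasted into the SQL text as-is,
         so whatever the client sends becomes part of the statement. --->
<cfquery name="delRaw" datasource="appDSN">
    DELETE FROM items
    WHERE item_id = #URL.id#
</cfquery>

<!--- 2. The rewrite the message describes: Val() returns the number at the
         start of the string, or 0 when the string does not start with one.
         Constructed samples:  "42" -> 42,  "42 plus trailing text" -> 42,
         "text only" -> 0.  Only a number can reach the SQL text. --->
<cfquery name="delVal" datasource="appDSN">
    DELETE FROM items
    WHERE item_id = #Val(URL.id)#
</cfquery>

<!--- 3. Stricter variant: reject non-numeric input instead of silently
         turning it into 0, then pass the value as a bound parameter so it
         is never parsed as SQL. --->
<cfif NOT IsNumeric(URL.id)>
    <cfabort showerror="item id must be numeric">
</cfif>
<cfquery name="delBound" datasource="appDSN">
    DELETE FROM items
    WHERE item_id = <cfqueryparam value="#URL.id#" cfsqltype="CF_SQL_INTEGER">
</cfquery>
```

Val() only helps where the column is numeric; for string values the bound-parameter form in variant 3 is the one that applies.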