Even read-only SQL injection has its 'uses'. Ie. it can be used to exploit 'SELECT's.
For example, in some systems, depending on how login is implemented its possible to use SQL injection to login as an admin user - to pick one possible use. On 26 November 2010 13:38, Tim Hoffman <[email protected]> wrote: > GQL is read only , so you can't inject anything if your using GQL, or > for that matter Query objects. > > T > > On Nov 26, 8:37 pm, pdknsk <[email protected]> wrote: >> And by clarify I mean verify. > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/google-appengine?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
