On Tue, Jun 7, 2011 at 11:03 AM, Hari Kurup <[email protected]> wrote:
> On 7 June 2011 09:49, David Gelvin <[email protected]> wrote:
>
>> So a note to all web admins out there: CLEAN YOUR INPUTS. If 'item'
>> should always be an integer, raise a 404 if it's anything other than an int.
>> And if you didn't write the code, but you're responsible for it, test for
>> these vulnerabilities. Test using sqlmap, because you know others will if
>> you don't.
>>
>
> Plus I'd say start by securing the username and password for the 'admin'
> account, which at the moment is set to the default.
>

Ha! That works too.
_______________________________________________
The Uganda Linux User Group: http://linux.or.ug
Send messages to this mailing list by addressing e-mails to: [email protected]
Mailing list archives: http://www.mail-archive.com/[email protected]/
Mailing list settings: http://kym.net/mailman/listinfo/lug
To unsubscribe: http://kym.net/mailman/options/lug
The Uganda LUG mailing list is generously hosted by INFOCOM: http://www.infocom.co.ug/
The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.
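
An added example, not part of the original thread: one way to apply the "raise a 404 if it's anything other than an int" advice, with the lookup done through a bound parameter so the value never becomes part of the SQL text. The handler name, table layout and sample rows are assumptions made up for illustration.

```python
import re
import sqlite3

# ASCII digits only, bounded length. int() by itself is looser than it looks:
# it also accepts " 7", "+7", "1_0" and non-ASCII digits.
_ITEM_RE = re.compile(r"[0-9]{1,9}")


def parse_item_id(raw):
    """Return raw as an int, or None unless it is a plain decimal integer."""
    if not isinstance(raw, str) or not _ITEM_RE.fullmatch(raw):
        return None
    return int(raw)


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [(1, "kettle"), (2, "radio")])
    return db


def show_item(db, query_params):
    """Hypothetical handler for /show?item=N; returns (status, body)."""
    item_id = parse_item_id(query_params.get("item"))
    if item_id is None:
        return 404, "Not Found"  # same answer as for an unknown id
    # Bound parameter: the driver passes the value separately from the SQL.
    row = db.execute("SELECT name FROM items WHERE id = ?",
                     (item_id,)).fetchone()
    if row is None:
        return 404, "Not Found"
    return 200, row[0]


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: one valid id, then values that must be rejected.
    for value in ["2", "99", "1 OR 1=1", "1_0", " 1", "-1", None]:
        print(repr(value), "->", show_item(db, {"item": value}))
```

Returning the same 404 for a malformed value and for an unknown id gives an automated scanner no difference in responses to work from.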
