Richard,

On Thu, Feb 11, 2016 at 05:50:02PM +0000, Richard Lin wrote:
> But I am not sure how careless developers
> can directly take the input as SQL itself. That sounds too naive to be
> believed :)

A few months ago, I saw an application with a complete SQL query in a cookie named "searchform". Little Bobby Tables would have been impressed.

Ahoj,

Christian

--
mailto:christian.fol...@netnea.com
http://www.christian-folini.ch
twitter: @ChrFolini

Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set