All data sent by the browser to a Web application, if used in a SQL query, can
be manipulated in order to inject SQL code: GET and POST parameters, cookies
and other HTTP headers. Some of these values can be found in the environment
variables. The GET and POST parameters are typically entered
On Tue, 06 Mar 2012 14:28:51 CST, Adam Behnke said:
Unlike other parameters, cookies are not supposed to be handled by users.
Any site that designs its security model around that concept will get what
it richly deserves.
Even so, watch all the advisories pour in now for cookie-based SQL
injection. :/
On Mar 6, 2012 12:44 PM, valdis.kletni...@vt.edu wrote:
On Tue, 06 Mar 2012 14:28:51 CST, Adam Behnke said:
Unlike other parameters, cookies are not supposed to be handled by users.
Any site that designs its
Yes, because this is incredibly new.
On Tue, Mar 6, 2012 at 8:54 PM, Zach C. fxc...@gmail.com wrote:
Even so, watch all the advisories pour in now for cookie-based SQL
injection. :/
On Mar 6, 2012 12:44 PM, valdis.kletni...@vt.edu wrote:
On Tue, 06 Mar 2012 14:28:51 CST, Adam Behnke said: