Re: [sqlite] Always call a value-quoting routine

2018-05-08 Thread Peter Da Silva
Nicely retro-feel website too: https://droptablecompanies.co.uk/

Re: [sqlite] Always call a value-quoting routine

2018-05-07 Thread Rowan Worth
On 7 May 2018 at 15:13, Scott Robison wrote:

> On Sun, May 6, 2018 at 11:34 PM, Rowan Worth wrote:
> > Its omission is interesting though. Does it indicate an incompetent
> > attacker, or is companieshouse.gov.uk using some bespoke approach like
> >

Re: [sqlite] Always call a value-quoting routine

2018-05-07 Thread Peter Da Silva
On 5/7/18, 2:14 AM, "sqlite-users on behalf of Scott Robison" wrote:

It could just indicate someone with a sense of humor who crafted a name that looks like an injection attack for their company. Most

Re: [sqlite] Always call a value-quoting routine

2018-05-07 Thread Scott Robison
On Sun, May 6, 2018 at 11:34 PM, Rowan Worth wrote:

> Amusing -- but without the leading single-quote it would take intentional
> effort for a programmer to detonate this payload.
>
> Its omission is interesting though. Does it indicate an incompetent
> attacker, or is

Re: [sqlite] Always call a value-quoting routine

2018-05-06 Thread Rowan Worth
Amusing -- but without the leading single-quote it would take intentional effort for a programmer to detonate this payload.

Its omission is interesting though. Does it indicate an incompetent attacker, or is companieshouse.gov.uk using some bespoke approach like "delete all single quotes" instead

Re: [sqlite] Always call a value-quoting routine

2018-05-05 Thread José María Mateos
On Sat, May 05, 2018 at 11:57:22PM +0100, Simon Slavin wrote:

> This is a genuine company registered under the UK Companies Act:
>
> The name of company is
>
> ; DROP TABLE "COMPANIES";-- LTD

Obligatory: https://xkcd.com/327/

Cheers,

Re: [sqlite] Always call a value-quoting routine

2018-05-05 Thread Scott Robison
Thanks for sharing that. It will undoubtedly be useful to me in a computer security class I'm taking this semester.

On Sat, May 5, 2018, 4:57 PM Simon Slavin wrote:

> This is a genuine company registered under the UK Companies Act:
>

[sqlite] Always call a value-quoting routine

2018-05-05 Thread Simon Slavin
This is a genuine company registered under the UK Companies Act:

The name of company is

; DROP TABLE "COMPANIES";-- LTD

(Note: For legal reasons a UK company name must end in 'LTD' or 'plc', depending on the type of company it is.)

Simon.
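Added example, not part of any message in this thread: a Python `sqlite3` sketch of the point in the subject line, comparing a lookup built by pasting the name between quotes, the same lookup using a value-quoting routine, and parameter binding. The lookup query, the function names and the `WITH_QUOTE` variant (the registered name with the leading single quote discussed in the thread) are assumptions made for illustration; `executescript()` stands in for any multi-statement API.

```python
import sqlite3

REGISTERED = '; DROP TABLE "COMPANIES";-- LTD'   # the name quoted in the thread
WITH_QUOTE = "'" + REGISTERED                    # constructed: leading quote added

def quote_value(text):
    """Render text as a SQL string literal: wrap in ', double any embedded '."""
    return "'" + text.replace("'", "''") + "'"

def lookup_concat(name):
    """Unsafe 'before': the value is pasted between quotes unchanged."""
    return 'SELECT name FROM "COMPANIES" WHERE name = \'' + name + "'"

def lookup_quoted(name):
    """Same query with the value passed through the quoting routine."""
    return 'SELECT name FROM "COMPANIES" WHERE name = ' + quote_value(name)

def fresh_db(name):
    db = sqlite3.connect(":memory:")
    db.execute('CREATE TABLE "COMPANIES" (name TEXT)')
    db.execute('INSERT INTO "COMPANIES" VALUES (?)', (name,))  # bound insert
    db.commit()
    return db

def table_survives(build_sql, name):
    """Run the built SQL through a multi-statement API; report if the table remains."""
    db = fresh_db(name)
    try:
        db.executescript(build_sql(name))   # runs every statement in the string
    except (sqlite3.Error, sqlite3.Warning):
        pass                                # inspect the resulting state either way
    n = db.execute("SELECT count(*) FROM sqlite_master "
                   "WHERE type = 'table' AND name = 'COMPANIES'").fetchone()[0]
    return n == 1

def found_by_binding(name):
    """Parameter binding: the value never becomes SQL text at all."""
    db = fresh_db(name)
    return db.execute('SELECT name FROM "COMPANIES" WHERE name = ?',
                      (name,)).fetchall()

if __name__ == "__main__":
    for label, name in (("registered", REGISTERED), ("with quote", WITH_QUOTE)):
        print(label, "| concat keeps table:", table_survives(lookup_concat, name),
              "| quoted keeps table:", table_survives(lookup_quoted, name),
              "| bound lookup rows:", len(found_by_binding(name)))
```

Only the pasted query combined with the leading-quote variant loses the table; the registered name as written stays inside the string literal in every case.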