Thread-topic: [WEB SECURITY] Re: SQL In the Request
;-) It turns out this still happens, judging by the Google results...
> -----Original Message-----
> From: Jeremiah Grossman [mailto:jeremiah@xxxxxxxxxxxxxxx]
> Sent: Thursday, October 05, 2006 11:23 PM
> To: Web Security
> Subject: Re: [WEB SECURITY] Re: SQL In the Request
>
> Yep, it happens:
>
> inurl:"SQL Where" inurl:asp
>
> http://www.google.com/search?hl=en&lr=&q=inurl%3A%22SQL+Where%22+inurl%3Aasp&btnG=Search
>
> On Oct 5, 2006, at 8:35 AM, bryan allott wrote:
>
> >
> > Just when I thought I had seen it all... I come across a site which
> > passes in the following as part of the REQUEST.
> > Yes, the SWF builds a request and sends it through to a PHP
> > server... in plain text.
> >
> > POST /flashsql.php?id=106 HTTP/1.1
> >
> > = QUERYSTRING ====
> > id=106
> >
> > = BODY ====
> > host=<HOSTNAME>
> > sql_=SELECT DISTINCT(movies.id), movies.name, filename FROM movies
> > LEFT JOIN groups_movies ON (movies.id = groups_movies.movie_id)
> > LEFT JOIN groups ON (groups.id = groups_movies.group_id)
> > LEFT JOIN files_groups ON (groups.id = files_groups.group_id)
> > LEFT JOIN files ON (files.id = files_groups.file_id)
> > WHERE movies.id IN(155,150,52,149,134,133,76)
> > AND files.file_type_id=9 ORDER BY movies.id
> > dat=sk_cms
> >
> > Is there any way that this can be "acceptable"?
> >
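
An added example, not part of the original thread and not the site's code: a server-side handler that accepts only a query name and a list of ids, keeps the SQL text on the server, and binds every value as a parameter. It is written in Python with sqlite3 so it runs stand-alone; the query name `movie_files`, the `MAX_IDS` cap and the two-table schema are assumptions, simplified from the query quoted above.

```python
import sqlite3

MAX_IDS = 50  # assumed cap on how many ids one request may ask for

# Server-side catalogue (hypothetical): the client sends a query *name*;
# the SQL text itself never leaves the server.
NAMED_QUERIES = {
    "movie_files": (
        "SELECT DISTINCT movies.id, movies.name, files.filename "
        "FROM movies LEFT JOIN files ON files.movie_id = movies.id "
        "WHERE movies.id IN ({ids}) AND files.file_type_id = ? "
        "ORDER BY movies.id"
    ),
}


def parse_ids(raw):
    """Turn '155,150,52' into a list of ints; reject anything else."""
    parts = raw.split(",")
    if not 1 <= len(parts) <= MAX_IDS:
        raise ValueError("bad id count")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError("ids must be decimal integers")
    return [int(p) for p in parts]


def run_named_query(conn, name, raw_ids, file_type_id):
    """Look up the SQL by name and bind the request values as parameters."""
    template = NAMED_QUERIES.get(name)
    if template is None:
        raise ValueError("unknown query name")
    ids = parse_ids(raw_ids)
    # Only the number of '?' placeholders depends on the request.
    sql = template.format(ids=",".join("?" * len(ids)))
    return conn.execute(sql, (*ids, int(file_type_id))).fetchall()


def demo_db():
    """Constructed sample data, simplified to two tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE movies(id INTEGER PRIMARY KEY, name TEXT);"
        "CREATE TABLE files(movie_id INTEGER, filename TEXT, file_type_id INTEGER);"
        "INSERT INTO movies VALUES (52,'intro'),(150,'tour'),(155,'demo');"
        "INSERT INTO files VALUES (52,'intro.flv',9),(150,'tour.flv',9),(155,'demo.jpg',3);"
    )
    return conn
```

The database account behind such a handler should also be limited to SELECT on the tables the named queries touch, so a mistake in the catalogue cannot modify data.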