[ic] SQL query as cgi par: strange behavior
m.mescoli at omnib.it
Fri Dec 2 16:50:01 UTC 2011
On 02/12/2011 16:50, Stefan Hornburg (Racke) wrote:
> On 12/02/2011 04:36 PM, Marco Mescoli wrote:
>>>> All you need to do is call that page with ?sku=drop+table+products and
>>>> will have a dead catalog.
>> You are a bad boy Racke.
>> Sssshh, this is our secret ;-)
> Writing your own code to build search/SQL queries gives you more
> and can't be exploited like above.
> Have fun
My own code ?
Do you mean inside [calc] [perl] or with local/global usertag or how else ?
Marco "Fino alla bara sinpara"
Marco "Up to demise we rise"
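
The point raised in the quoted text, as an added example that is not part of the original message and does not use Interchange's own tags or API: the SQL text is fixed in the code and the `sku` CGI value is only ever a bound parameter. It assumes plain Perl DBI with DBD::SQLite, and the `lookup_sku` helper, table columns and sample row are hypothetical.

```perl
#!/usr/bin/perl
# Added example, not Interchange code: plain DBI, with an in-memory SQLite
# database standing in for the catalog's products table (assumed columns).
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do('CREATE TABLE products (sku TEXT PRIMARY KEY, description TEXT)');
$dbh->do(q{INSERT INTO products VALUES ('os28004', 'Constructed sample row')});

# Hypothetical helper: the statement is written once, here, and the CGI value
# is passed only as a bound parameter after a shape check on what a SKU may
# contain. Nothing from the request is ever concatenated into the SQL text.
sub lookup_sku {
    my ($dbh, $sku) = @_;
    return [] unless defined $sku && $sku =~ /\A[A-Za-z0-9_-]{1,32}\z/;
    my $sth = $dbh->prepare(
        'SELECT sku, description FROM products WHERE sku = ?');
    $sth->execute($sku);
    return $sth->fetchall_arrayref({});
}

# Constructed inputs: a normal SKU, and the value from the thread after CGI
# decoding ("+" becomes a space).
for my $sku ('os28004', 'drop table products') {
    my $rows = lookup_sku($dbh, $sku);
    printf "%-22s -> %d row(s)\n", "'$sku'", scalar @$rows;
}

# The table is still intact because the parameter was never executed as SQL.
my ($count) = $dbh->selectrow_array('SELECT COUNT(*) FROM products');
print "products rows remaining: $count\n";
```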