[ic] SQL Injection?
bob at nleaudio.com
Wed Sep 24 15:18:59 UTC 2014
Peter and Mike: thanks for the reply. Yes, I have grepped all around, and
have fixed the few SQL queries I did find. But what is still escaping me is
in this list of parameters:
I cannot find where there is a SQL statement that has mv_search_field in it,
so that I can filter it. This one though obviously is a parameter for a SQL
statement. Do I need to look inside /usr/local/interchange?
But this one:
They have done their insertion into mv_nextpage, which I would think would
never hit the SQL, as that is internally used by IC. I could see if it were
like city or state, which does get inserted into the database, but mv_nextpage?