http://joelonsoftware.com/items/2006/11/01.html
11.3% of web applications have SQL injection vulnerabilities.
Joel wrote:
"
I tried to sign up for an online site. ... The signup page wanted a secret
question and secret answer. ... For the secret answer, I put "Aunt Vera
doesn't have a cat." And I got this:

1064: You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use near
't have a cat', 'male')' at line 1

This is an extremely common problem: Michael Sutton did a little research
project and found that 11.3% of web applications have SQL injection
vulnerabilities.
"
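
The failure in the quoted error, reproduced as an added example (not code from Joel's post or from the site he describes). It assumes the signup handler built its INSERT by string concatenation, and it uses Python's built-in sqlite3 in place of MySQL; the table, column and function names are hypothetical.

```python
import sqlite3

# Constructed schema; column names are assumptions inferred from the error text.
SCHEMA = "CREATE TABLE users (name TEXT, secret_answer TEXT, gender TEXT)"

# The secret answer quoted in the post.
ANSWER = "Aunt Vera doesn't have a cat."


def new_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def signup_concat(db, name, answer, gender):
    """Weak form: user input is pasted into the SQL text, so the apostrophe
    in the answer ends the string literal early and the rest is parsed as SQL."""
    sql = ("INSERT INTO users VALUES ('" + name + "', '" + answer +
           "', '" + gender + "')")
    try:
        db.execute(sql)
        return "ok"
    except sqlite3.Error as exc:
        return "error: " + str(exc)


def signup_param(db, name, answer, gender):
    """Corrected form: values travel as bound parameters and are never
    parsed as part of the statement."""
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, answer, gender))
    return "ok"


def stored_answers(db):
    return [row[0] for row in db.execute("SELECT secret_answer FROM users")]


if __name__ == "__main__":
    db = new_db()
    print(signup_concat(db, "joel", ANSWER, "male"))  # syntax error at the apostrophe
    print(signup_param(db, "joel", ANSWER, "male"))   # stored intact
    print(stored_answers(db))
```

A syntax error triggered by an ordinary apostrophe is the visible symptom that input reaches the SQL parser; with bound parameters the same answer is stored byte for byte.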