[WEB SECURITY] SQL Injection through "name" field possible?

Tasos Laskos tasos.laskos at gmail.com
Tue Feb 1 22:19:28 EST 2011


Sorry man, but Little Bobby's name would go in the value part of the form,
not the name. ;)

On 02/02/11 01:40, Matthew Zimmerman wrote:
>> Generally, SQL injection is possible with the "value" field in an HTML form.
>> I was just wondering if it is practically possible through the "name"
>> field as well.
>
> I'm actually a little ashamed of this entire list for not mentioning
> this already.  Has no one heard of Little Bobby Tables?
> http://xkcd.com/327/
>
> Matt Zimmerman
