[WEB SECURITY] SQL Injection through "name" field possible?
Arian J. Evans
arian.evans at anachronic.com
Tue Feb 1 23:18:20 EST 2011
To be fair, at first blush the casual reader could easily confuse the
content of this thread, transposing the question of testing Name=Value
I, for one, am not the only lysdexic person on this list.
In latter years I have learned we all benefit from channeling the
patient and benevolent persona of Amit Klein, :)
Software Security Sophistry
On Tue, Feb 1, 2011 at 7:19 PM, Tasos Laskos <tasos.laskos at gmail.com> wrote:
> Sorry man but Little Boby's name would go in the value part of the form not
> the name. ;)
> On 02/02/11 01:40, Matthew Zimmerman wrote:
>>> Generally, SQL injection is possible with the "value" field in a HTML
>>> I was just wondering if it is practically possible through the "name"
>>> field as well.
>> I'm actually a little ashamed of this entire list for not mentioning
>> this already. Has no one heard of Little Bobby Tables?
>> Matt Zimmeran
>> The Web Security Mailing List
>> WebSecurity RSS Feed
>> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>> WASC on Twitter
>> websecurity at lists.webappsec.org
> The Web Security Mailing List
> WebSecurity RSS Feed
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
> WASC on Twitter
> websecurity at lists.webappsec.org
More information about the websecurity