[WEB SECURITY] SQL Injection through "name" field possible?

Tasos Laskos tasos.laskos at gmail.com
Tue Feb 1 23:26:18 EST 2011


Foreigner here and Google returns a bunch of Amit Kleins.
<thick accent> Who is this Amit Klein you speak of?</thick accent>

On 02/02/11 04:18, Arian J. Evans wrote:
> To be fair, at first blush the casual reader could easily confuse the
> content of this thread, transposing the question of testing Name=Value
> for Value=Name.
>
> I, for one, am not the only lysdexic person on this list.
>
> In latter years I have learned we all benefit from channeling the
> patient and benevolent persona of Amit Klein, :)
>
> ---
> Arian Evans
> Software Security Sophistry
>
>
> On Tue, Feb 1, 2011 at 7:19 PM, Tasos Laskos <tasos.laskos at gmail.com> wrote:
>> Sorry man but Little Bobby's name would go in the value part of the form not
>> the name. ;)
>>
>> On 02/02/11 01:40, Matthew Zimmerman wrote:
>>>>
>>>> Generally, SQL injection is possible with the "value" field in an HTML
>>>> form.
>>>> I was just wondering if it is practically possible through the "name"
>>>> field as well.
>>>
>>> I'm actually a little ashamed of this entire list for not mentioning
>>> this already.  Has no one heard of Little Bobby Tables?
>>> http://xkcd.com/327/
>>>
>>> Matt Zimmerman
>>>
>>> _______________________________________________
>>> The Web Security Mailing List
>>>
>>> WebSecurity RSS Feed
>>> http://www.webappsec.org/rss/websecurity.rss
>>>
>>> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>>>
>>> WASC on Twitter
>>> http://twitter.com/wascupdates
>>>
>>> websecurity at lists.webappsec.org
>>>
>>> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
>>>
>>
>>
>




