[WEB SECURITY] SQL Injection through "name" field possible?

Amit Klein aksecurity at gmail.com
Thu Feb 3 02:20:17 EST 2011


Will the real Amit Klein please stand up ;-)

That would be me. Yes, there are a few people out there with the same
name (note to future parents: Google suggested offspring names), but
AFAIK I'm the only one meddling with infosec.

And thanks to Arian for saving my name from oblivion, and to others
who said good things about me in this thread ;-)

Best,
-Amit


On Wed, Feb 2, 2011 at 6:26 AM, Tasos Laskos <tasos.laskos at gmail.com> wrote:
> Foreigner here and Google returns a bunch of Amit Kleins.
> <thick accent> Who is this Amit Klein you speak of?</thick accent>
>
> On 02/02/11 04:18, Arian J. Evans wrote:
>>
>> To be fair, at first blush the casual reader could easily confuse the
>> content of this thread, transposing the question of testing Name=Value
>> for Value=Name.
>>
>> I, for one, am not the only lysdexic person on this list.
>>
>> In latter years I have learned we all benefit from channeling the
>> patient and benevolent persona of Amit Klein, :)
>>
>> ---
>> Arian Evans
>> Software Security Sophistry
>>
>>
>> On Tue, Feb 1, 2011 at 7:19 PM, Tasos Laskos <tasos.laskos at gmail.com> wrote:
>>>
>>> Sorry man but Little Bobby's name would go in the value part of the form
>>> not the name. ;)
>>>
>>> On 02/02/11 01:40, Matthew Zimmerman wrote:
>>>>>
>>>>> Generally, SQL injection is possible with the "value" field in an HTML
>>>>> form.
>>>>> I was just wondering if it is practically possible through the "name"
>>>>> field as well.
>>>>
>>>> I'm actually a little ashamed of this entire list for not mentioning
>>>> this already.  Has no one heard of Little Bobby Tables?
>>>> http://xkcd.com/327/
>>>>
>>>> Matt Zimmerman
>>>>
>>>> _______________________________________________
>>>> The Web Security Mailing List
>>>>
>>>> WebSecurity RSS Feed
>>>> http://www.webappsec.org/rss/websecurity.rss
>>>>
>>>> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>>>>
>>>> WASC on Twitter
>>>> http://twitter.com/wascupdates
>>>>
>>>> websecurity at lists.webappsec.org
>>>>
>>>>
>>>> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
>>>>
>>>
>>>
>>
>
>



