User talk:Jeblad

From MediaWiki.org


Security risks in Extension:DataTable

You stated in Extension:DataTable that the extension does not sanitize the SQL code (which is correct) and that therefore arbitrary SQL statements can be injected. Could you kindly provide an example of injecting a statement? RV1971 08:24, 8 September 2009 (UTC)

SQL code injection should be pretty straightforward. Usually you end the present statement as a NOP, add one or several new statements, and include an additional statement to do the normal work of the SQL statement. Search on the net for other examples. Usually there are a few key indicators that can be used to dismiss dangerous strings. Jeblad 09:46, 13 September 2009 (UTC)
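The three-step pattern described in the reply above (terminate the current statement, append the attacker's own statement, finish with one that does the normal work so the trailing quote is consumed), as an added example that is not part of this talk page and not code from Extension:DataTable or MediaWiki. It uses Python's sqlite3 module with a constructed `users` table; the `run_stacked` helper models a database layer that executes several `;`-separated statements, which is an assumption about the real DB driver. It also shows that a driver which refuses stacked statements still accepts an injection that stays inside one statement, and that a parameterized query treats both payloads as plain data.

```python
import sqlite3

# Constructed sample table (not from the page): stands in for whatever table
# an unsanitized <datatable> query would read.
SAMPLE_ROWS = [("alice", "editor"), ("bob", "reader")]


def fresh_db():
    """In-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def build_unsanitized(name):
    """The vulnerable pattern: untrusted text pasted straight into the SQL."""
    return "SELECT name, role FROM users WHERE name = '" + name + "'"


def run_stacked(conn, sql):
    """Model (assumption) of a DB layer that runs every ';'-separated
    statement in the string. Returns the rows of the final statement."""
    statements = [s.strip() for s in sql.split(";") if s.strip()]
    rows = []
    for stmt in statements:
        rows = conn.execute(stmt).fetchall()
    conn.commit()
    return rows


def run_single(conn, sql):
    """A driver that executes only one statement (sqlite3's execute())."""
    return conn.execute(sql).fetchall()


def safe_lookup(conn, name):
    """Parameterized query: the value is bound as data, never parsed as SQL."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


# Constructed payload following the three steps from the reply:
#   1. close the quoted value and end the present statement,
#   2. add the attacker's statement,
#   3. finish with a statement that does the normal work and consumes the
#      closing quote the template appends, so nothing looks broken.
STACKED_PAYLOAD = (
    "alice'; "                                          # 1
    "INSERT INTO users VALUES ('mallory', 'admin'); "   # 2
    "SELECT name, role FROM users WHERE name = 'alice"  # 3
)

# Single-statement variant: a tautology plus a comment to swallow the quote.
TAUTOLOGY_PAYLOAD = "x' OR 1=1 --"


def demo():
    """Run each payload against the vulnerable and the safe code path."""
    results = {}

    conn = fresh_db()
    results["stacked"] = run_stacked(conn, build_unsanitized(STACKED_PAYLOAD))
    results["after_stacked"] = conn.execute(
        "SELECT name FROM users ORDER BY name").fetchall()

    conn = fresh_db()
    results["tautology"] = run_single(conn, build_unsanitized(TAUTOLOGY_PAYLOAD))

    conn = fresh_db()
    results["safe_stacked"] = safe_lookup(conn, STACKED_PAYLOAD)
    results["safe_tautology"] = safe_lookup(conn, TAUTOLOGY_PAYLOAD)
    results["rows_after_safe"] = conn.execute(
        "SELECT count(*) FROM users").fetchone()[0]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The stacked payload returns exactly the row a legitimate lookup would, while a third user has been inserted behind the scenes; the tautology dumps every row through a single statement. The parameterized form returns nothing for either payload and leaves the table untouched, which is why binding parameters (or letting the DB abstraction layer quote values) is the robust fix rather than rejecting strings that contain indicator characters such as `;`, `'` or `--`.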