[nycphp-talk] Injection Attack, any ideas?

tedd tedd at sperling.com
Mon Nov 12 12:23:46 EST 2007


>>  Any ideas about how I can reproduce this problem would be greatly
>>  appreciated and any suggestions about how to fix it would be even more
>>  greatly appreciated.            8-)
>>
>>  Thanks for your attention.
>>
>>
>>  --
>>  Best regards,
>>  mikesz                          mailto:mikesz at qualityadvantages.com
>>

Scrub and clean all user input.

My understanding -- nothing can get in unless you allow it (barring 
server breaches).

Here's an example of js injection:

http://webbytedd.com/bb/insecure-form/

SQL injection (as I understand it) is simply allowing the user to 
prepare (in part) the SQL query. Scrub and clean user input and 
prepare the query yourself as per what you will allow.

Cheers,

tedd
-- 
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com
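
The advice in the message above (keep user input out of the query text and allow only what you expect), sketched as an added example that is not part of the original post. The `members` table, its rows, the function names and the name pattern are hypothetical, and an in-memory SQLite database via PDO is assumed.

```php
<?php
// Added illustration: in-memory SQLite table with constructed sample rows.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, email TEXT)");
$pdo->exec("INSERT INTO members (name, email) VALUES
            ('alice', 'alice@example.com'), ('bob', 'bob@example.com')");

// Weak: the user's text becomes part of the SQL statement itself.
function find_member_concat(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name FROM members WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the statement text is fixed and the value is bound as data.
// A column name cannot be bound, so the sort column comes from an allow-list.
function find_member_prepared(PDO $pdo, string $name, string $sort = 'id'): array
{
    $allowedSort = ['id' => 'id', 'name' => 'name'];
    if (!isset($allowedSort[$sort])) {
        throw new InvalidArgumentException('unsupported sort column');
    }
    // Hypothetical rule for what a member name may contain.
    if (!preg_match('/^[A-Za-z0-9_]{1,32}$/', $name)) {
        throw new InvalidArgumentException('invalid member name');
    }
    $stmt = $pdo->prepare(
        "SELECT id, name FROM members WHERE name = :name ORDER BY {$allowedSort[$sort]}"
    );
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input containing quote characters.
$input = "x' OR '1'='1";
echo count(find_member_concat($pdo, $input)), " row(s) from the concatenated query\n";
try {
    find_member_prepared($pdo, $input);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
echo count(find_member_prepared($pdo, 'alice', 'name')), " row(s) for 'alice'\n";
```

Even without the pattern check, the bound `:name` value would only ever be compared as a string; the check narrows input to what the application expects.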


