From: jsage at finchhaven.com (John Sage)
Subject: Question: is this exploitable?

heh..

On Sat, Oct 18, 2003 at 07:16:13AM -0700, Randal L. Schwartz wrote:
> >>>>> "Paulo" == Paulo Pereira <pjp@...lo-pereira.net> writes:
> 
> Paulo> $sth = $dbh->prepare("insert into projects values(null,\"$project\")");
> 
> This clearly should have been:
> 
>   my $sth = $dbh->prepare("insert into projects values(null, ?)");
>   $sth->execute($project);
> 
> which will Do The Right Thing.
> 
> Placeholders, people.  Placeholders.


Hello, Randal! How good of you to be here!



- John
-- 
"Most people don't type their own logfiles;  but, what do I care?"
-
John Sage: InfoSec Groupie
-
ABCD, EFGH, IJKL, EmEnOh, Pplus+, Mminus-
-
ATTENTION: this entire message is privileged communication, intended
for the sole use of its recipients only. If you read it even though
you know you aren't supposed to, you're a poopy-head.
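
The two statements quoted above, run side by side as an added example (not code from the thread or its participants). It assumes DBD::SQLite with an in-memory database as a stand-in for the poster's unnamed database, and the project names are constructed sample input.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite with an in-memory database stands in for the
# poster's database, which the thread does not name.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0 });
$dbh->do("create table projects (id integer primary key, name text)");

# Constructed sample input: project names a user might legitimately type.
my @names = ('apollo', 'Bob\'s "big" project', '50% done; see notes -- v2');

# Interpolated form from the original post: the value becomes SQL text,
# so a double quote in the name ends the string literal early.
for my $project (@names) {
    my $sql = "insert into projects values(null,\"$project\")";
    my $ok = eval { $dbh->do($sql); 1 };
    printf "interpolated %-28s %s\n", "[$project]",
        $ok ? "accepted" : "rejected";
}
$dbh->do("delete from projects");

# Placeholder form from the reply: prepare once, bind the value per execute.
my $sth = $dbh->prepare("insert into projects values(null, ?)");
$sth->execute($_) for @names;

# Every name must come back byte-for-byte, one row per input.
my $stored = $dbh->selectcol_arrayref("select name from projects order by id");
die "row count mismatch\n" unless @$stored == @names;
for my $i (0 .. $#names) {
    die "value altered: $names[$i]\n" unless $stored->[$i] eq $names[$i];
    print "placeholder  [$stored->[$i]] stored unchanged\n";
}
$dbh->disconnect;
```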

