| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAEJizbbvYRVXHbL=nDKGAvEXZQxfhS=84pdmpwKu663BtrF+cQ@mail.gmail.com>
Date: Tue, 6 Mar 2012 22:48:53 +0000
From: Benji <me@...ji.com>
To: "Zach C." <fxchip@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, Valdis.Kletnieks@...edu,
Adam Behnke <adam@...osecinstitute.com>
Subject: Re: Cookie based SQL Injection
Yes, because this is incredibly new.
On Tue, Mar 6, 2012 at 8:54 PM, Zach C. <fxchip@...il.com> wrote:
> Even so, watch all the advisories pour in now for "cookie-based SQL
> injection." :/
> On Mar 6, 2012 12:44 PM, <Valdis.Kletnieks@...edu> wrote:
>
>> On Tue, 06 Mar 2012 14:28:51 CST, Adam Behnke said:
>> > Unlike other parameters, cookies are not supposed to be handled by
>> users.
>>
>> Any site that designs its security model around that concept will get what
>> it richly deserves.
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists