by r0t, der4444, cembo, VietMafia

Tuesday, December 27, 2005

SQL Injection, take complete advantage

Security/Hack Tip:
If a script stores path information in a DB and that information is later used in include statements, an SQL injection can lead to remote includes. Obvious, but easily overlooked. I just wanted to add that after watching the last video that was posted here.

PHP writers: Don't store paths in a DB.

Hackers: If you find an SQL injection, check if the script does this.
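
For PHP writers, the pattern from the tip next to a hardened form, as an added example that is not code from the original post. The table and column in the commented-out query and the names TEMPLATE_DIR, ALLOWED_TEMPLATES and resolveTemplate are hypothetical, and the sample rows are constructed.

```php
<?php
// Added example; all names below are hypothetical.

// Pattern the tip warns about: the DB column holds a path and the script
// includes it directly, so whoever can write that row (for example through
// an SQL injection elsewhere in the application) decides what gets included.
//   $row = $db->query("SELECT tpl_path FROM pages WHERE id = 1")->fetch();
//   include $row['tpl_path'];

// Hardened form: the DB stores only a short key; the paths live in code.
const TEMPLATE_DIR = __DIR__ . '/templates';
const ALLOWED_TEMPLATES = [
    'home'    => 'home.php',
    'article' => 'article.php',
];

function resolveTemplate(string $dbValue): ?string
{
    // Exact key lookup: URLs, directory separators and unknown names all miss,
    // so a tampered row cannot steer include() anywhere outside the map.
    if (!array_key_exists($dbValue, ALLOWED_TEMPLATES)) {
        return null;
    }
    return TEMPLATE_DIR . '/' . ALLOWED_TEMPLATES[$dbValue];
}

// Constructed sample rows: one legitimate key, one value as a tampered
// column might look.
$rows = ['article', 'http://example.invalid/page.txt'];

foreach ($rows as $value) {
    $path = resolveTemplate($value);
    if ($path === null) {
        // A miss means the row was modified outside the application: log it.
        error_log('rejected template value from DB: ' . json_encode($value));
        echo "rejected\n";
        continue;
    }
    echo "would include: $path\n"; // real code: include $path;
}
```

Keeping `allow_url_include` off in php.ini blocks URL includes independently of this check, so the two work as layers.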



Copyright (c) 2006 Pridels Sec Crew