[VIM] On SQL injection and PHP mysql_query...
Steven M. Christey
coley at linus.mitre.org
Mon Jun 26 18:05:58 EDT 2006
On Mon, 26 Jun 2006, Sullo wrote:
> However, injecting a ' would still throw an error... which does not
> mean it's exploitable, but means you are injecting something into the
> sql stream. perhaps we need a new term for "sql termination" rather
> than "sql injection"?
I've been playing around with "forced SQL error," but like all the terms I
make up, it's rather forced :) Also, that won't cover the cases that will
eventually come up in which you can provide malicious values that are
valid for the query, but not intended to be allowed by the developer.
Say, an "order by" argument that should only allow user-specified fields A
and B, but the attacker can specify C, in a security-relevant context.
More information about the VIM