List: full-disclosure
Subject: Re: [Full-Disclosure] Latest MS SQL Server vulnerabilities revealed.
From: "Michael -" <michael () nix ! org>
Date: 2003-04-30 20:54:24
After reading your papers I must say it was quite interesting and it introduces quite a few new
ideas. However, most of them (at least in your paper found at
http://www.appsecinc.com/presentations/Manipulating_SQL_Server_Using_SQL_Injection.pdf ) base
themselves on the idea that you can perform an 'insert' with SQL injection. In my experience,
this is impossible most of the time due to the fact that MSSQL doesn't allow multiple statements
and that you can only add a union in the middle of an SQL statement that is usually part of a
web application.
Michael
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html