[thelist] Security issue

N Saidova saidovan at rs.uovs.ac.za
Tue Jun 25 04:47:01 CDT 2002


I just managed to "hack" into one of my older authentication scripts
(in ASP) by typing:
x' or 1=1 --
in the user field.
On the newer scripts (PHP) it didn't work.
I guess it also depends on the way the SQL query is formulated...

Anyone come across this before? What do you think about it?


More information about the thelist mailing list