[thelist] Security issue

N Saidova saidovan at rs.uovs.ac.za
Tue Jun 25 04:47:01 CDT 2002


Guys,

I just managed to "hack" into one of my older authentication scripts
(in ASP) by typing:
x' or 1=1 --
in the user field.
On the newer scripts (PHP) it didn't work.
I guess it also depends on the way the SQL query is formulated...

Anyone come across this before? What do you think about it?

Nedret



More information about the thelist mailing list