Hacker News

No need to write these complex new examples, here's my favorite English injection attack for those unfamiliar with SQL.

http://www.bored.com/photos/putacorkinit.html

The speaker is your web service (which knows the backend language but still fails!), the audience your database. Now spot the malicious requests.



