Re: Advisory: NT ODBC Remote Compromise

From: Bigby Findrake (bigbyat_private)
Date: Tue May 25 1999 - 14:43:25 PDT


    On Tue, 25 May 1999, Vittal Aithal wrote:
    
    > Here's some javascript stuff that'll clean up quotes and things before
    > having them sent off in a sql query... only tested with access, so YMMV.
    
    Do keep in mind that this will stop people from using the
    aforementioned exploits *only when using your forms*.  It is still
    possible to download your web pages, remove the javascript hooks, and then
    submit their information, or call the CGI (if method GET is accepted) by
    hand and get around such security measures.
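
Added example, not part of the original message or thread: a server-side lookup in Python, with sqlite3 standing in for the CGI and its database, showing that a request sent by hand reaches the query without the form's JavaScript ever running, so the value has to be handled on the server. The table, function names and the request string are constructed for illustration.

```python
import sqlite3
from urllib.parse import parse_qs

def make_db():
    """Constructed sample data; stands in for the site's real database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return db

def _name_param(query_string):
    # The server only ever sees the decoded query string, however it was sent.
    return parse_qs(query_string, keep_blank_values=True).get("name", [""])[0]

def lookup_trusting_client(db, query_string):
    """Assumes the browser already cleaned up quotes. Nothing enforces that."""
    name = _name_param(query_string)
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, query_string):
    """Server-side handling: bound parameter, so quotes stay data."""
    name = _name_param(query_string)
    if len(name) > 64:  # assumed length limit, enforced on the server
        raise ValueError("name too long")
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

# Constructed request: what arrives when the CGI is called by hand with GET,
# so the page's JavaScript clean-up never ran. Decodes to: x' OR '1'='1
HAND_BUILT = "name=x%27+OR+%271%27%3D%271"

if __name__ == "__main__":
    db = make_db()
    print("form-style request:", lookup_parameterized(db, "name=alice"))
    print("trusting client   :", lookup_trusting_client(db, HAND_BUILT))
    print("parameterized     :", lookup_parameterized(db, HAND_BUILT))
```

The first function returns every row for the hand-built request because the quote closes the string literal; the second treats the same bytes as a name that matches no one.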
    


