Well, after we implemented our fix, mr. sql injecting hacker has been shown the door. Today we where attacked three more times, both in the url and it seems in our open form fields, and as I’m apt to say when I do a beat down, FUACATA.
Bye bye sql injection hacker.
{ 2 comments… read them below or add one }
What’s the fix?
@Brad – The Fix was to eliminate the passing of sql triggers through forms and text fields. Also eliminating things like VARCHAR, TABLE_CURSOR, or anything else that’s found int this file.