Timeline for Is SQL injection possible with LIMIT?
Current License: CC BY-SA 3.0
22 events
| when | what | by | license | comment |
|---|---|---|---|---|
| Dec 27, 2014 at 21:33 | comment added | Brandon | | SQL injection is not just about extracting restricted data, but also about damaging data. |
| Dec 27, 2014 at 21:32 | comment added | Brandon | | UNION is not the only concern I would have. What about DROP TABLE or TRUNCATE TABLE? |
| S Dec 27, 2014 at 12:20 | history edited | Jens Erat | CC BY-SA 3.0 | Copy edited. |
| S Dec 27, 2014 at 12:20 | history suggested | Peter Mortensen | CC BY-SA 3.0 | Copy edited. |
| Dec 27, 2014 at 11:40 | review: Suggested edits | | | S Dec 27, 2014 at 12:20 |
| Dec 27, 2014 at 7:34 | comment added | superultranova | | Cast it as an int, and make sure it is within acceptable bounds. Or, if your client has the ability to bind by type (int type), do that. |
| Dec 25, 2014 at 20:08 | comment added | Brad | | Any time you have ambiguity where the data has the potential to be confused with the command, you have the potential for trouble, even if it is difficult to find. |
| Dec 25, 2014 at 15:49 | vote accept | Ali | | |
| Dec 25, 2014 at 10:18 | comment added | kasperd | | My recommendation when finding such security holes is to fix them regardless of whether they are exploitable or not. Of course that doesn't make your question irrelevant. It can be very educational to see why a seemingly un-exploitable security hole can be exploited anyway. Should you ever manage to find one which is truly un-exploitable, chances are you spent more time analyzing the exploitability than you would have simply fixing it. |
| Dec 25, 2014 at 3:42 | answer added | Rick | | timeline score: 1 |
| Dec 24, 2014 at 17:22 | comment added | Ali | | Things changed a little bit. I'm posting an update in a new question and not changing this one considering all the attention it got. |
| Dec 24, 2014 at 4:27 | answer added | Schwern | | timeline score: 3 |
| Dec 23, 2014 at 19:30 | answer added | Damian Yerrick | | timeline score: 1 |
| Dec 23, 2014 at 15:30 | history edited | rook | | edited tags |
| Dec 23, 2014 at 14:35 | answer added | Dillinur | | timeline score: 4 |
| Dec 23, 2014 at 13:11 | answer added | PiTheNumber | | timeline score: 74 |
| Dec 23, 2014 at 12:56 | history tweeted | twitter.com/#!/StackSecurity/status/547375261734670336 | | |
| Dec 23, 2014 at 11:41 | answer added | user45139 | | timeline score: 1 |
| S Dec 23, 2014 at 11:15 | history suggested | user45139 | CC BY-SA 3.0 | improved formatting and some other things |
| Dec 23, 2014 at 11:15 | review: Suggested edits | | | S Dec 23, 2014 at 11:15 |
| Dec 23, 2014 at 11:07 | review: First posts | | | Dec 23, 2014 at 11:10 |
| Dec 23, 2014 at 11:04 | history asked | Ali | CC BY-SA 3.0 | |