04-29-2011, 10:42 AM
Contributor Pirate
Quote:
Originally Posted by Biddykins
Do explain. It just looks like an error to me
Basically, that error seems to indicate that it's just plugging the value from the URL directly into an SQL query without sanitizing it (removing special characters like the single-quote, ' ). If one were so inclined, they could take advantage of this by injecting their own code into the query, by changing that string to something like
Robert'); DROP TABLE students;--
And because their shitty website doesn't bother to make sure that string is safe before plugging it in, the parser will execute the command to drop the entire table named 'students' if there is one. Could do all sorts of fun things with this.
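The difference between plugging the value into the query text and binding it as a parameter, as an added example that is not part of the original post. It assumes an in-memory SQLite database with a one-column `students` table; the function names are hypothetical, and the input is the string quoted in the post.

```python
import sqlite3

# Constructed sample input: the string quoted in the post above.
NAME_FROM_URL = "Robert'); DROP TABLE students;--"

def new_db():
    # Assumption: a throwaway in-memory database with a 'students' table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (name TEXT)")
    return db

def table_exists(db):
    row = db.execute(
        "SELECT count(*) FROM sqlite_master "
        "WHERE type = 'table' AND name = 'students'"
    ).fetchone()
    return row[0] == 1

def insert_concatenated(db, name):
    # Weak form: the value becomes part of the SQL text, so a single quote
    # in it ends the string literal and the remainder is parsed as SQL.
    sql = "INSERT INTO students (name) VALUES ('" + name + "');"
    db.executescript(sql)  # executescript runs every statement in the text

def insert_parameterized(db, name):
    # Corrected form: the SQL text is fixed and the value is bound
    # separately, so it is only ever treated as data.
    db.execute("INSERT INTO students (name) VALUES (?)", (name,))
    db.commit()

def demo():
    weak = new_db()
    insert_concatenated(weak, NAME_FROM_URL)
    safe = new_db()
    insert_parameterized(safe, NAME_FROM_URL)
    stored = safe.execute("SELECT name FROM students").fetchall()
    # (table survives the weak path?, table survives the safe path?, rows)
    return table_exists(weak), table_exists(safe), stored

if __name__ == "__main__":
    print(demo())
```

With the bound parameter the whole string, quote and all, is stored as the student's name and the table is untouched.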