NetClassifieds [multiple vulnerabilities]
Published by Admin | Filed under netclassifieds, multiple, parameter, bugtraq-security-focus, default
I won't paste every line of this code, because EVERY parameter is vulnerable to SQL injection, XSS, full path … ===== 4) proof of concept =====. Example of exploitation: 1) http://site.com/ViewCat.php?CatID=-8+union+select+1,email …
Securing MySQL for development
Published by Admin | Filed under things, accepts, default, configuration, rails, automagic, connections, canonical, leaves, mysql
When developing in Rails, the canonical thing to do is to have a root MySQL account with no password. While this makes the Rails configuration automagic, it leaves things somewhat open because MySQL accepts TCP/IP connections by default …

