All,
Apparently Oracle didn't see fit to activate MySQL's own anti-SQL-injection features on their own site:
http://blog.sucuri.net/2011/03/mysql-com-compromised.html
(wanna bet the site is running 4.1 or something?)
Let that be a lesson to you: sanitize your SQL inputs!
--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com
San Francisco
On 03/28/2011 09:40 AM, Joshua Berkus wrote:
> All,
>
> Apparently Oracle didn't see fit to activate MySQL's own anti-SQL-injection features on their own site:
>
> http://blog.sucuri.net/2011/03/mysql-com-compromised.html
>
> (wanna bet the site is running 4.1 or something?)
>
> Let that be a lesson to you: sanitize your SQL inputs!
>
Ouch!
--
Adrian Klaver
adrian.klaver@gmail.com