Re: [OT]OpenRPN.org hacked, AGAIN
Message #7 Posted by Marcus von Cube, Germany on 8 Feb 2006, 10:54 a.m., in response to message #6 by bill platt
I'm not a specialist in this but I've read something about hacking of database applications on the web.
One possible problem is dynamic SQL: Normally, your posts are enclosed in some SQL statements to put them into a database:
insert into mytable( poster, text ) values( '<poster>', '<text>' )
The values in angle brackets come directly from the input form. Now consider a poster named "badguy" who enters something like this in the text field:
' );
update sometable( column1, column2 ) values( 'bad value1', 'bad value2
Now let's combine the two:
insert into mytable( poster, text ) values( 'badguy', '' );
update sometable( column1, column2 ) values( 'bad value1', 'bad value2' )
One can imagine that evil things can be done if the exact database structure is known (as is the case for many such systems.)
Marcus
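
Added example, not part of the original post: the dynamic statement described above next to a parameterized one, run against an in-memory SQLite database. The table layouts, the function names and the `update ... set ... where` form of the text value (substituted for the post's illustrative `update` so that SQLite accepts it) are assumptions made for this example.

```python
import sqlite3

# Constructed form input modelled on the post: the text field closes the
# string literal and carries a second statement (assumed valid-SQLite form).
POSTER = "badguy"
TEXT = "' ); update sometable set column2 = 'bad value2' where column1 in ( 'good value1"

def new_db():
    """Fresh in-memory database with the two tables named in the post (assumed layout)."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "create table mytable( poster text, text text );"
        "create table sometable( column1 text, column2 text );"
        "insert into sometable values( 'good value1', 'good value2' );"
    )
    return db

def store_dynamic(db, poster, text):
    """Pattern from the post: form values are pasted into the SQL string."""
    sql = "insert into mytable( poster, text ) values( '%s', '%s' )" % (poster, text)
    db.executescript(sql)  # runs every statement found in the string
    return sql

def store_parameterized(db, poster, text):
    """Placeholders: the values are bound as data and never parsed as SQL."""
    db.execute("insert into mytable( poster, text ) values( ?, ? )", (poster, text))

def snapshot(db):
    """Contents of both tables, to compare the two ways of storing a post."""
    return (db.execute("select poster, text from mytable").fetchall(),
            db.execute("select column1, column2 from sometable").fetchall())

if __name__ == "__main__":
    for store in (store_dynamic, store_parameterized):
        db = new_db()
        store(db, POSTER, TEXT)
        posts, other = snapshot(db)
        print(store.__name__)
        print("  mytable:  ", posts)
        print("  sometable:", other)
```

With the parameterized statement the whole text field, quote and semicolon included, ends up as the stored post and `sometable` is unchanged.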