Oh, I almost forgot one important thing.
MySQL accepts both ASCII and HEX values. Someone could write their payload as 0x6e6f7468696e67206865726520746f20736565
That string could contain anything...
Such strings could possibly go undetected by type-validation as all the ASCII chars look harmless.
Doing proper sanitization is really hard, and there is always the risk that you have missed something.
In my opinion one should be extra paranoid with databases. They are like Swiss cheese.
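An added example, not part of the original post: a loose alphanumeric check accepts the hex literal quoted above, a strict decimal allowlist rejects it, and a small decoder shows what the literal holds so it can be logged or screened. The function names are hypothetical, and the sample input is the string from the post.

```python
import re

# MySQL hex literal forms: 0x6162 and X'6162' (or x'6162').
HEX_LITERAL = re.compile(r"\b0x([0-9A-Fa-f]+)\b|\b[xX]'((?:[0-9A-Fa-f]{2})*)'")

# The hex string quoted in the post above.
PAGE_SAMPLE = "0x6e6f7468696e67206865726520746f20736565"


def decode_hex_literals(value: str) -> list[str]:
    """Return the decoded text of every MySQL-style hex literal in value."""
    decoded = []
    for match in HEX_LITERAL.finditer(value):
        digits = match.group(1) or match.group(2) or ""
        if len(digits) % 2:
            # MySQL pads an odd-length 0x literal with a leading zero.
            digits = "0" + digits
        decoded.append(bytes.fromhex(digits).decode("latin-1"))
    return decoded


def loose_check(value: str) -> bool:
    """The kind of check the post warns about: 'only harmless characters'."""
    return value.isalnum()


def strict_numeric_id(value: str) -> bool:
    """Allowlist for a numeric column: decimal digits only, bounded length."""
    return re.fullmatch(r"[0-9]{1,10}", value) is not None


def screen(value: str) -> dict:
    """Summarise how each check treats the input and what it decodes to."""
    return {
        "loose_check": loose_check(value),
        "strict_numeric_id": strict_numeric_id(value),
        "decoded_literals": decode_hex_literals(value),
    }


if __name__ == "__main__":
    print(screen(PAGE_SAMPLE))
```

Validation like this narrows what reaches the query; binding the value as a parameter in a prepared statement is what keeps it from being parsed as SQL in the first place.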