[10637] in bugtraq
Re: Advisory: NT ODBC Remote Compromise
daemon@ATHENA.MIT.EDU (Bigby Findrake)
Tue May 25 19:12:16 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSF.4.05.9905251441030.23507-100000@home.shiva.eu.org>
Date: Tue, 25 May 1999 14:43:25 -0700
Reply-To: Bigby Findrake <bigby@HOME.SHIVA.EU.ORG>
From: Bigby Findrake <bigby@HOME.SHIVA.EU.ORG>
X-To: Vittal Aithal <vittal.aithal@REVOLUTIONLTD.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <D0CD3D370F64D211A25900104BAD8D595AAB8B@RMAIL>
On Tue, 25 May 1999, Vittal Aithal wrote:
> Here's some javascript stuff that'll clean up quotes and things before
> having them sent off in a sql query... only tested with access, so YMMV.
Do keep in mind that this will stop people from using the
aforementioned exploits *only when using your forms*. It is still
possible to download your web pages, remove the javascript hooks, and then
submit their information, or to call the CGI (if method GET is accepted) by
hand, and get around such security measures.
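The bypass described above, as an added example that is not part of the original post or of the script it replies to. It models the three parties involved: the browser-side quote doubling the thread is discussing, a CGI that trusts it and concatenates the value into SQL, and an attacker who skips the form and calls the CGI by hand. The `users` table, the `name` parameter and the SQLite backend are assumptions standing in for the Access/ODBC setup in the thread; the hardened handler shows the server-side fix (driver-bound parameters) that makes the client-side step irrelevant.

```python
import sqlite3
from urllib.parse import parse_qs, urlencode


def make_db():
    """Constructed sample data: a stand-in for the ODBC-backed database
    (hypothetical schema, not taken from the advisory)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db


def browser_form_submit(name):
    """What the posted JavaScript does before the form is sent: double every
    single quote. This runs only if the user's browser executes the page's
    script; nothing on the server can tell whether it did."""
    return urlencode({"name": name.replace("'", "''")})


def attacker_submit(name):
    """The bypass from the thread: save the page, strip the javascript hooks
    (or just build the GET request by hand, e.g. with a browser URL bar or
    a one-line client) and send the raw value.  Same wire format, no escaping."""
    return urlencode({"name": name})


def cgi_lookup_vulnerable(db, query_string):
    """Server side as the thread describes it: trusts the client to have
    cleaned up quotes and concatenates the value straight into the SQL."""
    name = parse_qs(query_string, keep_blank_values=True).get("name", [""])[0]
    sql = "SELECT secret FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]


def cgi_lookup_hardened(db, query_string):
    """Same handler, but the driver binds the value; quotes in the input are
    data, not syntax, whether or not the client escaped anything."""
    name = parse_qs(query_string, keep_blank_values=True).get("name", [""])[0]
    return [row[0] for row in
            db.execute("SELECT secret FROM users WHERE name = ?", (name,))]


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("through the form :", cgi_lookup_vulnerable(db, browser_form_submit(payload)))
    print("direct GET       :", cgi_lookup_vulnerable(db, attacker_submit(payload)))
    print("hardened, direct :", cgi_lookup_hardened(db, attacker_submit(payload)))
```

Going through the form, the doubled quotes turn the payload into a harmless string literal and the query returns nothing; the same payload sent directly to the vulnerable handler turns `WHERE name = 'x' OR '1'='1'` into a tautology and returns every user's secret. The hardened handler returns nothing for the direct request because the value never becomes SQL syntax. Note that once the server binds parameters, the client-side doubling is no longer needed and actually breaks legitimate names containing an apostrophe, since `o''brien` would then be looked up literally.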