Friday, July 8, 2005
I'm sitting right now in that session. The speaker is just demoing yet another example which has a SQL Injection vulnerability! The killer: a script callback that uses the params unvetted to dynamically build a SQL string. MS definitely should vet the demos for security problems.
© Copyright 2022 Christoph Wille