Friday, 08 July 2005
I'm sitting right now in that session. The speaker is just demoing yet another example which has a SQL Injection vulnerability! The killer: a script callback that uses the params unvetted to dynamically build a SQL string. MS definitely should vet the demos for security problems.
© Copyright 2018 Christoph Wille