http://something.com/somepage.php?sql=SELECT+password%20as%20user+FROM+users+WHERE+user+=+%27administrator%27
SirDice wrote: What kind of ID-ten-T puts their entire SQL query in a GET method?

Believe it or not, Corporate America! 10+ million a year company! Just trying to save a buck by using substandard (idiot) consulting firms.