From the script:
# enables user to see a .sql file without encountering the
# AOLserver's db module magic (offering to load the SQL into a database)
Auto SQL loading? Cool feature! ;)
Anyway, we are just about 7 years late:
#
# patched by philg at Jeff Banks's request on 12/5/99
# to close the security hole whereby a client adds extra form
# vars
Latest posts made by Unbekannt
- RE: OMG Injection attack
- RE: OMG Injection attack
@Unbekannt said:
You guys realize that this is just a plain CGI to show files, not a dynamic SQL query thingy?
For example
will just show an sql document that you could have seen by just visiting
http://philip.greenspun.com/doc/sql/
and selecting the oney
Ok, I am too stupid to use this web editor properly. :(
Anyway, that is probably just a plain CGI to send the correct MIME headers for in-browser display. Where's the WTF?
PS: How can I preview my post??? And why can't I just have a normal text field???
- RE: OMG Injection attack
You guys realize that this is just a plain CGI to show files, not a dynamic SQL query thingy?
For example
will just show an sql document that you could have seen by just visiting
http://philip.greenspun.com/doc/sql/
and selecting the oney