Thread: Little Bobby Tables visits MySQL.com

Little Bobby Tables visits MySQL.com

From
Joshua Berkus
Date:
All,

Apparently Oracle didn't see fit to activate MySQL's own anti-SQL-injection features on their own site:

http://blog.sucuri.net/2011/03/mysql-com-compromised.html

(wanna bet the site is running 4.1 or something?)

Let that be a lesson to you: sanitize your SQL inputs!

--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com
San Francisco

Re: Little Bobby Tables visits MySQL.com

From
Adrian Klaver
Date:
On 03/28/2011 09:40 AM, Joshua Berkus wrote:
> All,
>
> Apparently Oracle didn't see fit to activate MySQL's own anti-SQL-injection features on their own site:
>
> http://blog.sucuri.net/2011/03/mysql-com-compromised.html
>
> (wanna bet the site is running 4.1 or something?)
>
> Let that be a lesson to you: sanitize your SQL inputs!
>

Ouch!

--
Adrian Klaver
adrian.klaver@gmail.com