#801 (We can use the sort parameter to inject SQL.)

Ticket #801 (closed defect: duplicate)

Opened 6 years ago

Last modified 6 years ago

Reported by: maxiglu
Assigned to:
Priority: critical
Milestone:
Component:
Version: 0.6.3
Keywords:
Cc:
Qualification:

Description

We can use the sort parameter to inject SQL.

Example:

http://serveur/pathtosymfony/web/anApplication_dev.php/anadminmodule/list/sort/rue%22; A COMMANDE; /type/asc

Simply using this produces an error, but I successfully dropped a table in my database...

Using:

symfony propel-init-admin
PostgreSQL 8.0
0.6.3

There is another ticket, http://www.symfony-project.com/trac/ticket/496, but without the ", and it says that the problem is resolved. Simply no...
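
The report above comes down to a request value reaching the ORDER BY clause as SQL text. The following is an added example, not code from the ticket, symfony or Propel: it contrasts an assumed concatenating clause builder with an allow-list check. The `adresse` table, its columns and rows, the function names and the use of PDO with in-memory SQLite are assumptions made for the demo.

```php
<?php
// Added example, not symfony or Propel code. Table, columns and rows are constructed.

const SORTABLE_COLUMNS = ['id', 'rue', 'ville'];   // assumed schema of the listed table

// Assumed vulnerable shape: the decoded route value is pasted into the statement.
function unsafeOrderBy(string $sort, string $type): string
{
    return 'ORDER BY "' . $sort . '" ' . $type;
}

// Identifiers cannot be bound as parameters, so the column must match an
// allow-list exactly and the direction is mapped to one of two fixed keywords.
function safeOrderBy(string $sort, string $type): string
{
    if (!in_array($sort, SORTABLE_COLUMNS, true)) {
        throw new InvalidArgumentException('sort column not allowed');
    }
    $direction = strtolower($type) === 'desc' ? 'DESC' : 'ASC';
    return 'ORDER BY "' . $sort . '" ' . $direction;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE adresse (id INTEGER PRIMARY KEY, rue TEXT, ville TEXT)');
$pdo->exec("INSERT INTO adresse (rue, ville) VALUES ('Rue B', 'Lyon'), ('Rue A', 'Paris')");

// Route values as they arrive after URL decoding; the second is the ticket's value.
$requests = [
    ['rue', 'asc'],
    [rawurldecode('rue%22; A COMMANDE; '), 'asc'],
];

foreach ($requests as [$sort, $type]) {
    // Printed only, never executed: shows where the quote ends the identifier.
    echo 'unsafe: SELECT * FROM adresse ', unsafeOrderBy($sort, $type), PHP_EOL;
    try {
        $sql = 'SELECT * FROM adresse ' . safeOrderBy($sort, $type);
        $rows = $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN, 1);
        echo 'safe:   ', $sql, ' -> ', implode(', ', $rows), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'safe:   rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
```

The allow-list compares the whole value, so a request containing a quote character is rejected outright rather than escaped.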

Change History

08/05/06 15:32:31 changed by l2k

  • status changed from new to closed.
  • resolution set to duplicate.

I reopened #496