lulz from TZ.
On Tue, June 7, 2011 11:04 am, David Gelvin wrote:
> On Tue, Jun 7, 2011 at 11:03 AM, Hari Kurup <[email protected]> wrote:
>
>> On 7 June 2011 09:49, David Gelvin <[email protected]> wrote:
>>
>>> So a note to all web admins out there: CLEAN YOUR INPUTS. If 'item'
>>> should always be an integer, raise a 404 if it's anything other than an
>>> int.
>>> And if you didn't write the code, but you're responsible for it, test for
>>> these vulnerabilities. Test using sqlmap, because you know others will if
>>> you don't.
>>>
>>
>> Plus I'd say start by securing the username and password for the 'admin'
>> account, which at the moment is set to the default.
>>
>
> Ha! That works too.
> _______________________________________________
> The Uganda Linux User Group: http://linux.or.ug
>
> Send messages to this mailing list by addressing e-mails to:
> [email protected]
> Mailing list archives: http://www.mail-archive.com/[email protected]/
> Mailing list settings: http://kym.net/mailman/listinfo/lug
> To unsubscribe: http://kym.net/mailman/options/lug
>
> The Uganda LUG mailing list is generously hosted by INFOCOM:
> http://www.infocom.co.ug/
>
> The above comments and data are owned by whoever posted them (including
> attachments if any). The mailing list host is not responsible for them in
> any way.
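The advice quoted above (answer 404 whenever 'item' is anything other than an integer), as an added example that is not part of the original thread. It goes one step further than the message by also binding the value as a query parameter; the table, function names and sample rows are constructed for illustration.

```python
import re
import sqlite3

# ASCII digits only, bounded length. fullmatch() avoids the "$ matches before
# a trailing newline" pitfall, and [0-9] rejects Unicode digits that
# str.isdigit() and int() would accept.
_ITEM_RE = re.compile(r"[0-9]{1,9}")


def make_db():
    """Constructed sample data standing in for the site's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?)",
                     [(1, "first post"), (2, "second post")])
    return conn


def get_item(conn, raw_item):
    """Return (status, body) for a request such as /view?item=<raw_item>."""
    if not isinstance(raw_item, str) or not _ITEM_RE.fullmatch(raw_item):
        return 404, "Not Found"  # anything that is not a plain integer
    item_id = int(raw_item)
    # Bound parameter: the value is never spliced into the SQL text, so the
    # query stays safe even if the validation above is later loosened.
    row = conn.execute("SELECT title FROM items WHERE id = ?",
                       (item_id,)).fetchone()
    if row is None:
        return 404, "Not Found"  # same answer as for a malformed id
    return 200, row[0]


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: two well-formed ids, then malformed values.
    for raw in ["2", "99", "1 OR 1=1", "1'", "-1", "1\n", "\u0661", ""]:
        print(repr(raw), get_item(db, raw))
```

Returning the same 404 for a malformed id and for a missing row gives automated scanners no differing responses to compare.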
