On 13/02/2012 22:09, Haluk Karamete wrote:
Gary,
you've mentioned that the user would have had access to the sysobjects
No, there's a difference. *If* they had access to sysobjects then it
could've caused issues.
Ideally, you should have some level of segregation within your database.
That
ote:
>>
>> My logs show that we have tried with a SQL Injection attempt, but
>> our engine has detected and avoided it but I am just curious, what are
>> these SQL statements intending to achieve?
>>
>> SELECT * FROM lecturer WHERE recID='25 ' and exists (select * from
>> sysobjec
On 13/02/2012 21:48, Haluk Karamete wrote:
My logs show that we have tried with a SQL Injection attempt, but
our engine has detected and avoided it but I am just curious, what are
these SQL statements intending to achieve?
SELECT * FROM lecturer WHERE recID='25 ' and exists (select * from
sysobjects) and ''=&