by aikah
4263 days ago
Oh yeah, I see it now, thanks. They are naming the query placeholders based directly on the indexes passed in the querystring parameters? And since indexes can be whatever string, like ?name[DELETE FROM USERS]=foo&..., you end up with an exploit ...