Ascii encoded binary injection attacks
Posted: Sat Mar 21, 2009 3:59 am
Hi all,
I've been reading about ascii encoded binary injection attacks that are carried out my bots and target vulnerable pages. You can read about them here:
http://gala4th.blogspot.com/2009/01/asc ... mated.html
My question is this:
It seems as though pages that escape SQL queries are still safe, but the solutions listed on the pages I've read about these attacks seem much more complicated. I'm not sure I fully understand the solution from the page above or how to carry it out. Can anyone tell me how whether or not escaping quotes works for this problem?
Thanks!
I've been reading about ascii encoded binary injection attacks that are carried out my bots and target vulnerable pages. You can read about them here:
http://gala4th.blogspot.com/2009/01/asc ... mated.html
My question is this:
It seems as though pages that escape SQL queries are still safe, but the solutions listed on the pages I've read about these attacks seem much more complicated. I'm not sure I fully understand the solution from the page above or how to carry it out. Can anyone tell me how whether or not escaping quotes works for this problem?
Thanks!