You don't need to "take over someone's site" to prove that their site has a SQLI... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		rmc on Nov 8, 2011 \| parent \| context \| favorite \| on: Security researcher Charlie Miller booted from App... You don't need to "take over someone's site" to prove that their site has a SQLI vector, just put in a little string somewhere.

mike-cardwell on Nov 8, 2011 [–]

In the UK, using SQL injection to "put a little string somewhere" would be illegal.

rmc on Nov 8, 2011 | [–]

Oh probably. But I'm pointing out that you can demonstrate a SQLI attack without having to completly take down someone's site.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact