SQLi Is Back With A Small TwIST
Posted by Brad Wood, Aug 16, 2008 19:40:00 UTC
Well, after a brief hiatus, the SQL Injection attacks have reconvened with a small change. The attackers have modified the capitalization of a couple of words in the URL. "DECLARE" has become "DeCLARE", and "EXEC" has become "ExEC". This is obviously meant to get around the case-sensitive filtering mechanisms that some people employed.
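To see why the capitalization change matters for log scanning and request filtering, here is an added example (not code from the original post) that runs a case-sensitive check and a case-insensitive one over the same query strings. The sample query strings, function names, and the `<elided>` placeholder are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# The two keywords named in the post.
KEYWORDS = ("DECLARE", "EXEC")

# Case-insensitive, whole-word match so "executive" does not trigger on "exec".
_PATTERN = re.compile(r"\b(?:declare|exec)\b", re.IGNORECASE)

# Constructed sample query strings (payload body elided on purpose).
SAMPLES = [
    "id=5;DECLARE%20@s%20<elided>;EXEC(@s)",   # original all-caps form
    "id=5;DeCLARE%20@s%20<elided>;ExEC(@s)",   # mixed-case form from the post
    "q=executive+summary",                      # benign request
]


def naive_filter(query: str) -> bool:
    """Case-sensitive substring check: the kind of filter the new URLs slip past."""
    return any(keyword in query for keyword in KEYWORDS)


def robust_filter(query: str) -> bool:
    """URL-decode first, then match the keywords regardless of letter case."""
    return bool(_PATTERN.search(unquote_plus(query)))


def missed_by_naive(queries):
    """Return the queries the case-insensitive check flags but the naive one lets through."""
    return [q for q in queries if robust_filter(q) and not naive_filter(q)]


if __name__ == "__main__":
    for q in SAMPLES:
        print(f"naive={naive_filter(q)!s:5} robust={robust_filter(q)!s:5} {q}")
    print("missed by case-sensitive filter:", missed_by_naive(SAMPLES))
```

Keyword matching like this is useful for spotting the attack in request logs, but it can still flag legitimate text containing these words; parameterized queries remain the actual fix for the injection itself.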