this post was submitted on 24 Jan 2024
391 points (98.5% liked)

Cybersecurity - Memes

2000 readers
1 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS
Sam1232188
neurohost
[email protected]
[email protected]
CannaVet
391
Your password must also not contain the following character combinations: script, select, insert, update, delete, drop, --, ', /*, */. (lemmy.world)
submitted 10 months ago by ABasilPlant to c/cybersecuritymemes
59 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 179 points 10 months ago (18 children)

How to say you're vulnerable to code injection without saying you're vulnerable to code injection.

[–] [email protected] 30 points 10 months ago* (last edited 10 months ago) (13 children)

Are they vulnerable though, if they already exclude it at the user input?

I yet have to learn SQL and is there a way to allow passwords with '); DROP TABLE... without being vulnerable to an injection?

nevermind i googled it, and there various ways to do so

[–] herrvogel 51 points 10 months ago (1 children)

This still smells though. Why is the raw, plain text password string getting anywhere near database queries in the first place?

[–] cactusupyourbutt 19 points 10 months ago

I doubt it is. they probably have a WAF that blocks these strings though and didnt want to bother reconfiguring it

load more comments (11 replies)
load more comments (15 replies)