Lets say you use SELECT * FROM ($query) sub where you can swap $query to any query you wish. Is there a way to escape this select and run a command that modifies data in the database?
http://dlvr.it/RzGqHx
G:7-Security (Cyber Security Research and Global Information Security Services)
No comments:
Post a Comment