Slashdot Mirror

← Back to Stories (view on slashdot.org)

Malicious Injection — It's Not Just For SQL Anymore

Posted by ryuzaki0 on Wednesday November 22, 2006 @06:51AM from the injections-that-aren't-fun dept.

nywanna writes "When most people think of malicious injection, they think of SQL injection. The fact is, if you are using XML documents or an LDAP directory, you are just as vulnerable to a malicious injection as you would be using SQL. Bryan Sullivan looks at the different types of malicious code injections and examines the very basics of preventing these injections."

1 of 119 comments (clear)

Min score:

Reason:

Sort:

XML Logic Is Flawed by CowboyBob500 · 2006-11-22 07:03 · Score: 5, Informative

In his XML example with XPath injection he states that running a certain query can return the entire order history of all customers. That may be true, but if the application is returning an XML document containing the entire order history of all customers for each customer request before running an XPath query, then I think the application has more problems than being vulnerable to XPath injection.

Bob

--
Listen to my latest album here