[–] ibotty 13y ago ↗ be sure to read the prequel if you haven't done anything like that before: https://www.pentesterlab.com/from_sqli_to_shell.html
[–] herge 13y ago ↗ If I use sql parameters in my queries, am I still vulnerable to SQL injection? What about using a (sane) ORM?Basically, is it only php apps that hand-build queries that are vulnerable to SQL injection? [–] jasonlotito 13y ago ↗ Any app that hand-builds queries. PHP has nothing to do with this. Just happens to be the vehicle. The problem is simply insecure patterns.
[–] jasonlotito 13y ago ↗ Any app that hand-builds queries. PHP has nothing to do with this. Just happens to be the vehicle. The problem is simply insecure patterns.
4 comments
[ 3.7 ms ] story [ 21.1 ms ] threadBasically, is it only php apps that hand-build queries that are vulnerable to SQL injection?