1 comment

[ 2.5 ms ] story [ 9.9 ms ] thread
I guess this will only work on untyped languages and where the application isn't checking to see if the value of 'username' is a string

All the more reason to watch your inputs, and assume everything is malicious.