Closed iurisilvio closed 11 years ago
I didn't try harder to found a useful example to inject, but I'm sure it is possible to exploit it with a crafted parameter, so you should always escape single quotes.
I didn't try harder to found a useful example to inject, but I'm sure it is possible to exploit it with a crafted parameter, so you should always escape single quotes.