Hacking Web 2.0 Applications with Firefox
Shreeraj Shah

Hacking Web 2.0 Applications with Firefox 2006-10-12
Zachary Richmond (1 replies)
"For example, again using the above case, the parameter 'date' is vulnerable to an SQL injection attack."

I am not sure how one can tell this from the .js function code. Is there something I am missing? It seems to me that it is more likely "maybe vulnerable" instead of "is vulnerable", since from my understanding it would depend on the implementation of the service and if there were steps taken in the service to block SQL injection. I am just trying to understand better since I have similar calls in code I have written, although I do validate input into the service. Thanks for the nice article, by the way.

Good article but.. 2006-10-16
Zachary Richmond







 

Copyright 2007, SecurityFocus