This feedback.asp file is prone to SQL injection. The asp file isn't checking for the special characters in feedback or not escaping it.
Malicious users can exploit this thing to destroy the database. :(
Didn't they get a good programmer?
On Wed, Aug 19, 2009 at 2:52 PM, Mehul Ved mehul.n.ved@gmail.com wrote:
On Wed, Aug 19, 2009 at 8:06 PM, Kumar Appaiaha.kumar@alumni.iitm.ac.in wrote:
Not sure, but I could submit feedback using Mozilla Firefox. I very much did, and expressed disappointment at not being able to access the service due to it's being based on proprietary solutions. I would request others to do the same, please.
OK, I just did it and it worked this time. OS - ubuntu 9.04 browser - chromium Just in case that matters anyway. -- http://mm.glug-bom.org/mailman/listinfo/linuxers