[Zope] Search Interface Gone arwy! Red! No, Blue.....ahhhh.....
Oleg Broytmann
phd@phd.russ.ru
Thu, 20 Jul 2000 16:03:38 +0000 (GMT)
Wow, wow, very interesting!
On Thu, 20 Jul 2000, Sean G Richards wrote:
> <form action="search_result" method="get">
> <h2><dtml-var document_title></h2>
> <input name="select_statment" value="select * from courses_description
> ">
> <input name="where_statement" value=" where subject = 'ee'">
> <input type="SUBMIT" name="SUBMIT" value="Submit Query">
> </td></tr>
> </table>
> </form>
Plese send me the real URL of the form ASAP. I will download the page,
replace "select *" with "DELET FROM" and submit the form!
Never saw nicer security hole! :)
Oleg. (All opinions are mine and not of my employer)
----
Oleg Broytmann Foundation for Effective Policies phd@phd.russ.ru
Programmers don't die, they just GOSUB without RETURN.