[Phpmyadmin-devel] Grid editing and escaping

Michal Čihař michal at cihar.com
Wed Aug 17 14:21:06 CEST 2011


It looks like grid editing does not properly handle escaping HTML
entities. Just try importing test/test_data/exploit_test.sql and edit
any row in exploit_test.evil_content.

	Michal Čihař | http://cihar.com | http://phpmyadmin.cz