Recent content by aolee

what if u have a program that directlys get the whole url address and compares it to db? how can i filter such injection? if it is injected via browser?i cannot do a whitelist and blacklist filtering, nor based it one char lenght because my url are dynamic?

IS this really caused by a trojan? or a munual SQL INJECT? i also had the same problem. how do I shield my system with this kind of attack. please help. thanks!