WT? #3

So, just when i thought i had seen it all… this is the REQUEST, as captured by Fiddler.
Yes, you read that right… the SWF builds the request and sends it through to the web server; in plain text.
(i’ve modified the actual contents of the SQL, naturally)

POST /flashsql.php?id=106 HTTP/1.1


= BODY ====
 sql_=SELECT DISTINCT( id ), name, filename FROM table LEFT
JOIN table2 ON ( id = id ) LEFT JOIN
table3 ON ( id = id ) LEFT JOIN table4 ON
( id = id ) LEFT JOIN table5 ON ( id = id ) WHERE id IN(155,150,52,149,134,133,76) AND
typeId=9 ORDER BY id
5 tables, no less and a database name. And a file on the server that happily accepts any SQL for execution. Oh, and this was an e-commerce website.

They were notified and they have subsequently made things a lot more secure.