All,
Apparently Oracle didn't see fit to activate MySQL's own anti-SQL-injection features on their own site:
http://blog.sucuri.net/2011/03/mysql-com-compromised.html
(wanna bet the site is running 4.1 or something?)
Let that be a lesson to you: sanitize your SQL inputs!
--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com
San Francisco
--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com
San Francisco