I signed up to a website, and my password contained the & symbol. I got an error that the password cannot contain that symbol. I thought we were way beyond the vulnerability of SQL injection?

Or can that symbol be used for some other attacks?

  • 3
    Maybe database charset?

    Edit: To clarify, I mean something like latin-1 vs utf8
  • 0
    @AvyChanna aah good point, thanks for bringing this up 😊
  • 4
    I hope that's not the reason, that would imply they're saving the password in plain text.
  • 1
    @gitpush @TheHatBandit That was just a blind shot. For context, I once used MySQL without changing the default charset (latin-1), and later got to know I could not use any language other than English for input (or Unicode).
  • 2
    Oh, if you think the majority of websites out there have proper pentesting run on them, you are in for a big surprise.
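
The point made in the comments about charset and plain-text storage, as an added example that is not from any poster in this thread: when a password is encoded to bytes and hashed before storage, the stored value is plain ASCII whatever characters the user typed, so the column charset only restricts passwords that are stored as typed. The function names, the storage format and the iteration count are assumptions of this example.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # assumed work factor for this example


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return an ASCII-only record: scheme$iterations$salt_hex$digest_hex."""
    salt = salt or os.urandom(16)
    # Encode to UTF-8 first so any character (&, ', non-Latin) becomes bytes.
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    _scheme, iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def fits_latin1(value: str) -> bool:
    """True if the string could be written to a latin-1 column unchanged."""
    try:
        value.encode("latin-1")
        return True
    except UnicodeEncodeError:
        return False


# Constructed sample passwords: one with & and quote characters, one non-Latin.
SAMPLE_PASSWORDS = ["p&ss' OR 1=1 --", "пароль&密码"]

if __name__ == "__main__":
    for pw in SAMPLE_PASSWORDS:
        record = hash_password(pw)
        print(f"plaintext fits latin-1: {fits_latin1(pw)!s:5}  "
              f"hash fits latin-1: {fits_latin1(record)}  "
              f"verifies: {verify_password(pw, record)}")
```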