Good find.

Since it is not a Web App and hence not publicly available to exploit:

Use of String.Format instead of parameterized queries is how SQL injection issues sneak in. (Line 63, https://github.com/katway/DrugSupervision/blob/GuiDesign/Dru...)
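
The contrast the comment describes, as an added example that is not code from the linked repository or from the commenter. The `items` table, its column, and the method names are hypothetical, and the Microsoft.Data.Sqlite NuGet package is assumed so the example can run against an in-memory database.

```csharp
// Added example: hypothetical schema and names, not the linked project's code.
// Assumes the Microsoft.Data.Sqlite package for an in-memory database.
using System;
using Microsoft.Data.Sqlite;

static class QueryDemo
{
    // Pattern the comment warns about: the value is spliced into the SQL text,
    // so a quote character in it changes the structure of the statement.
    static long CountFormatted(SqliteConnection conn, string name)
    {
        using var cmd = conn.CreateCommand();
        cmd.CommandText = string.Format(
            "SELECT COUNT(*) FROM items WHERE name = '{0}'", name);
        return Convert.ToInt64(cmd.ExecuteScalar());
    }

    // Parameterized form: the SQL text is constant and the value is bound
    // separately, so it is only ever compared as data.
    static long CountParameterized(SqliteConnection conn, string name)
    {
        using var cmd = conn.CreateCommand();
        cmd.CommandText = "SELECT COUNT(*) FROM items WHERE name = @name";
        cmd.Parameters.AddWithValue("@name", name);
        return Convert.ToInt64(cmd.ExecuteScalar());
    }

    static void Main()
    {
        using var conn = new SqliteConnection("Data Source=:memory:");
        conn.Open();
        using (var setup = conn.CreateCommand())
        {
            setup.CommandText =
                "CREATE TABLE items (name TEXT);" +
                "INSERT INTO items VALUES ('aspirin'), ('ibuprofen');";
            setup.ExecuteNonQuery();
        }

        // Constructed input containing quote characters; no row has this name.
        string input = "x' OR '1'='1";

        // The formatted query treats part of the input as SQL and counts every
        // row; the parameterized query looks for the literal string only.
        Console.WriteLine("formatted:     " + CountFormatted(conn, input));
        Console.WriteLine("parameterized: " + CountParameterized(conn, input));
    }
}
```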
