<blockquote id="quote"><font size="1" face="geneva, verdana, arial" id="quote">quote:<hr height="1" noshade id="quote">Originally posted by Rob

I really don't want to go into 'how' this can be exploited... purely because there are so many copies of these functions on the net... I recieve 2 or 3 emails a day from people thanking me for them.

I have basically stopped supporting them, because I can figure out 3 ways of exploiting them...

1 of the exploits, as Smokie says, is indeed a DoS
another allows SQL queries to be executed, depending on how the script is being used...
and the other, again depending how the script is used, can give access to the filesystem.

Please do not ask me to elaborate on how, coz I wont!

I would only recommend the use of my scripts that deal with variables using the 'EXECUTE' function on an Intranet.. .away from the public domain.
<hr height="1" noshade id="quote"></blockquote id="quote"></font id="quote">
Aww, Rob you gotta tell us how to hack these!!! I wanna have a look, why don't we have a competition where we all look at the code and see how many serious security issues we can find?

Security through obscurity. I like it. Very Microsoft... hehe.