Right now it is possible to check only some of the headers you are interested in using: secf_check_sqli_hdr($ua);
The function secf_check_sqli_all(); checks all the headers. It is true that in the From Name header check the double quotes are omitted, but I forgot to omit the single quotes, maybe because in my country it is not common to use them in the name.
I think it would be enough to omit the single quote in the From Name header. Also, we usually find SQL injections in the User and Domain fields and in the URI.