SQL injection via the user agent HTTP header
Over at the CloudFlare blog John Graham-Cumming wrote an interesting article on SQL injection attacks via http request headers.
SQL injection is a perennial favorite of attackers and can happen anywhere input controlled by an attacker is processed by a web application. It's easy to imagine how an attacker might manipulate a web form or a URI, but even HTTP request headers are vulnerable. Literally any input the web browser sends to a web application should be considered hostile.https://blog.cloudflare.com/the-sleepy-user-agent/
What are your thoughts on "SQL injection via the user agent HTTP header"?