
[Full-disclosure] SQL Injection.



Hi,

We have an internal web application written in PHP, in which the developer has 
got the following line.

$query = mysql_query("select field1,field2 from table where field1='$field1fromuser';");

and is sending user input to the backend using the POST method.

At first sight I thought it's very much vulnerable to SQL injection, but I am 
just not able to demonstrate it. When I send the character " ' " it just escapes 
it before sending the query to the db as " ' ", thus failing my injection.

I had also tried injecting SQL using char but without any luck, as the variable 
is within single quotes. Hence it did a plain text comparison.

Can anyone shed some light on this, as I am new to SQL injection?

Gabbar.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
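
Added example, not part of the original post: the post's query built by string interpolation beside the same lookup with a bound parameter, where a quote in the input is only ever data. It assumes PDO with an in-memory SQLite database in place of the poster's MySQL backend; the table name `items`, the function names and the sample rows are constructed for illustration.

```php
<?php
// Added example: constructed table and rows, in-memory SQLite so it runs offline.
// The table name `items` stands in for the post's `table`.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE items (field1 TEXT, field2 TEXT)");
$db->exec("INSERT INTO items VALUES ('alice', 'row-a'), ('o''brien', 'row-b')");

// Pattern from the post: the value is pasted into the SQL text, so the
// query's structure depends on whatever escaping happened earlier.
function lookup_interpolated(PDO $db, string $field1fromuser): array
{
    $sql = "select field1,field2 from items where field1='$field1fromuser';";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the SQL text is fixed and the value is bound separately,
// so no escaping step is needed for the query to stay well-formed.
function lookup_bound(PDO $db, string $field1fromuser): array
{
    $stmt = $db->prepare("select field1,field2 from items where field1 = :f1");
    $stmt->execute([':f1' => $field1fromuser]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample inputs: one plain value, one legitimate value with a quote.
$samples = ["alice", "o'brien"];
foreach ($samples as $value) {
    try {
        $n = count(lookup_interpolated($db, $value));
        echo "interpolated [$value]: $n row(s)\n";
    } catch (PDOException $e) {
        // Without a prior escaping step the quote ends the string literal early.
        echo "interpolated [$value]: query broke: ", $e->getMessage(), "\n";
    }
    echo "bound        [$value]: ", count(lookup_bound($db, $value)), " row(s)\n";
}
```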