
Re: [Full-disclosure] SQL Injection.



Thanks, I would definitely check on magic_quotes, but the fact is it escapes 
those characters, so there's no way... it's susceptible to SQL injection. And 
of course, my asking this question here means the developer has not done any 
kind of sanitization checking. So, if SQL injection is not possible, even the 
XSS given below won't be the case, I guess:

'><script>alert('ur hacked')</script>

Thanks,

Gabbar.


Jeremy Bishop <requiem@xxxxxxxxxxx> wrote:

>On Friday 19 August 2005 20:20, Gabbar Sing wrote:
>> Hi,
>>
>> We have an internal web application written in PHP, in which the
>> developer has got following line.
>
><snip>
>
>> At first sight I thought it's very much vulnerable to SQL Injection,
>> but I am just not able to demonstrate it. As when I send the
>> character " ' " it just escapes it before sending the query to the db as " '
>> " thus failing my injection.
>
>PHP has a feature known as magic quotes that can provide automatic 
>escaping of quotes in user-submitted data.  I believe the configuration 
>variables to look at are "magic_quotes_gpc" and "magic_quotes_sybase", 
>or some variation on those; the documentation should be more revealing.
>
>The developer may also have manually sanitized the data; I assume you 
>have checked for that already?  The ideal means of handling input would 
>be to have the code check whether magic quotes are enabled and to take 
>appropriate action based on the result of that check.
>
>-- 
>My group's mission statement - 'You want *what* ? By *WHEN* ?'
>              -- Simon Burr
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
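
One way to implement the check suggested in the quoted reply, as an added example that is not part of the original thread or the application under discussion. It goes one step further than the check itself: the normalized value is bound as a query parameter and HTML-encoded on output. The names normalize_input(), magic_quotes_enabled() and the comments table are hypothetical, and the sample input is constructed from the string quoted in the message.

```php
<?php
// Added example; function names and the table are hypothetical.

// get_magic_quotes_gpc() exists only on PHP < 8.0 and always reports
// false from PHP 5.4 onward, where the feature itself was removed.
function magic_quotes_enabled(): bool
{
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Undo magic-quotes escaping once, at the input boundary, so the rest of
// the code always handles the raw value regardless of php.ini.
function normalize_input(string $value, bool $magicQuotesOn): string
{
    return $magicQuotesOn ? stripslashes($value) : $value;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed sample: the string from the message as it would arrive
// with magic_quotes_gpc on (each single quote prefixed by a backslash).
$arrived = "\\'><script>alert(\\'ur hacked\\')</script>";

// A live handler would pass magic_quotes_enabled(); true is forced here
// so the slash-stripping path is exercised on any PHP version.
$raw = normalize_input($arrived, true);

// SQL context: the value is bound, never concatenated into the query,
// so protection does not depend on quote escaping at all.
$stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
$stmt->execute([':body' => $raw]);

// HTML context: magic quotes only add backslashes before quotes,
// backslashes and NUL bytes; they leave < and > untouched, so output
// encoding is a separate step.
$stored = $pdo->query('SELECT body FROM comments')->fetchColumn();
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
```

The stored row holds the raw string exactly as typed, and the echoed line contains only entity-encoded markup.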
