lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 Aug 2004 09:31:03 +0200 From: Udo Mueller <info@...ol.de> To: bugtraq@...urityfocus.com Subject: Re: Posible security bug in phpMyWebhosting Hallo Daniel, begin * Daniel Souza schrieb [20-08-04 02:01]: > > may your server is configured with magic_quotes disabled, so, the " is not > slashed and we have a basic sql injection. Im not sure because I have not > seen the source codes to say that, but it's what looks like. Is there a > addslashes in the code ? In Debian magic_quotes = On is standard. I should add addslashes in the code. Thank you! end Gruss Udo -- Ohne Signatur!
Powered by blists - more mailing lists