Date: Sat Aug 20 06:43:55 2005
From: GabbarRang at netscape.net (Gabbar Sing)
Subject: SQL Injection.

Thanks, I would definitely check on magic_quotes, but the fact is it escapes those characters, so there's no way... it's susceptible to SQL injection. And of course, my asking this question here means the developer has not done any kind of sanitization checking. So, if SQL injection is not possible, even the XSS given below won't be the case, I guess:

'><script>alert('ur hacked')</script>

Thanks,

Gabbar.


Jeremy Bishop <requiem@...etor.org> wrote:

>On Friday 19 August 2005 20:20, Gabbar Sing wrote:
>> Hi,
>>
>> We have an internal web application written in PHP, in which the
>> developer has got following line.
>
><snip>
>
>> At first sight I thought it's very much vulnerable to SQL Injection,
>> but I am just not able to demonstrate it. As when I send the
>> character " ' " it just escapes it before sending query to db as " '
>> " thus failing my injection.
>
>PHP has a feature known as magic quotes that can provide automatic 
>escaping of quotes in user-submitted data.  I believe the configuration 
>variables to look at are "magic_quotes_gpc" and "magic_quotes_sybase", 
>or some variation on those; the documentation should be more revealing.
>
>The developer may also have manually sanitized the data; I assume you 
>have checked for that already?  The ideal means of handling input would 
>be to have the code check whether magic quotes are enabled and to take 
>appropriate action based on the result of that check.
>
>-- 
>My group's mission statement - 'You want *what* ? By *WHEN* ?'
>              -- Simon Burr

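Added example (not part of the original message or of the application discussed): magic_quotes_gpc applies addslashes()-style escaping, which targets SQL string literals and is not HTML encoding. The sketch follows the reply's advice to check whether magic quotes are enabled, then encodes for the output context; the function names and the single-quoted attribute sink are assumptions.

```php
<?php
// Added example, not code from the thread. raw_input_value(), html_out()
// and the value='...' attribute sink are hypothetical names/assumptions.

// True only on old PHP builds with magic_quotes_gpc enabled. The function
// was removed in PHP 8, hence the function_exists() guard.
function magic_quotes_on()
{
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Return the value as the client sent it, undoing the automatic slashes
// when magic quotes are on (the "check and take appropriate action" step).
function raw_input_value($v)
{
    return magic_quotes_on() ? stripslashes($v) : $v;
}

// Encode for an HTML attribute or text node. ENT_QUOTES converts both
// quote characters; a backslash means nothing to an HTML parser.
function html_out($v)
{
    return htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
}

// Constructed sample: the string quoted in the message above.
$payload = "'><script>alert('ur hacked')</script>";

// Simulate how the value reaches the script: slashed if magic quotes are on.
$fromRequest = magic_quotes_on() ? addslashes($payload) : $payload;

// Case 1: rely on quote-escaping alone (what magic quotes provides).
$weak = "<input name='q' value='" . addslashes($payload) . "'>";

// Case 2: normalise the input, then encode for the HTML context.
$safe = "<input name='q' value='" . html_out(raw_input_value($fromRequest)) . "'>";

echo "quote-escaped only: ", $weak, "\n";
echo "html-encoded:       ", $safe, "\n";

// Does each result still contain a literal <script> tag?
echo "weak contains <script>: ", var_export(strpos($weak, '<script>') !== false, true), "\n";
echo "safe contains <script>: ", var_export(strpos($safe, '<script>') !== false, true), "\n";
```

The same split applies on the database side: values normalised with raw_input_value() belong in bound parameters of a prepared statement rather than in a query string built from slashed input.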