lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <2DBB25F6DB41D311AFCB00A024574CBD01F62229@MANGO>
Date: Fri, 5 Dec 2003 07:45:48 +0100
From: Sys Sec <syssec@...igsa.com>
To: "'bugtraq@...urityfocus.com'" <bugtraq@...urityfocus.com>
Subject: Intresting case of SQL Injection


IMPORTANT INFORMATION FOR ALL DEVELOPERS OF PHP.

I recommend that never leave to insert special characters in input box.
Normally in Input Box only is necessary numeric or alphanumeric data

For solution this SQL Injection you can use these functions:


ctype_alnum -- Check for alphanumeric character(s) 
ctype_alpha -- Check for alphabetic character(s) 
ctype_cntrl -- Check for control character(s) 
ctype_digit -- Check for numeric character(s) 
ctype_graph -- Check for any printable character(s) except space 
ctype_lower -- Check for lowercase character(s) 
ctype_print -- Check for printable character(s) 
ctype_punct --  Check for any printable character which is not whitespace or
an alphanumeric character 
ctype_space -- Check for whitespace character(s) 
ctype_upper -- Check for uppercase character(s) 
ctype_xdigit --  Check for character(s) representing a hexadecimal digit 

Normally you verify data with Javascript in Client but you must verify data
in file that receive POST Form. In the file that receive the POST data you
can use these functions.

ADDITIONAL INFO:
http://es2.php.net/manual/en/ref.ctype.php

For use these functions you must discomment library in php.ini file:
;Windows Extensions
extension=php_ctype.dll 

 
Javier Morueco 
                              


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ