| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: pjp at paulo-pereira.net (Paulo Pereira)
Subject: Question: is this exploitable?
Hi,
I'm looking at a web application I built some time back and I found this line:
$sth = $dbh->prepare("insert into projects values(null,\"$project\")");
I'm using Perl.
This works quite exploitable to me since $project comes directly from user without any validation :)
The thing is that I'm yet to find a way to exploit it on the MySQL database I'm using.
I tried to make $project like:
"); insert into other_table value(bla, bla
but prepare only runs one command and complains about this...
I also tried
" + (insert into other_table value(bla, bla
And a bunch of combinations but I still didn't get the right touch at it and I would like to understand how these things work.
Reading this list is quite helpuful, I already found a dozen ways to DoS my application with the insertion of scripts.
I think my app was (was?) really.. :) insecure.
Thanks!
Paulo Pereira
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031018/443a8161/attachment.html
Powered by blists - more mailing lists