Open Source and information security mailing list archives
 
From: codex at bogus.net (Codex)
Subject: Question: is this exploitable?

one way of doing it:

$query=sprintf("insert into projects values(null,%s)",$dbh->quote($project));
$sth = $dbh->prepare($query);

-cdx

----- Original Message ----- 
From: Paulo Pereira
To: full-disclosure@...ts.netsys.com
Sent: Saturday, October 18, 2003 1:28 PM
Subject: [Full-Disclosure] Question: is this exploitable?


Hi,

I'm looking at a web application I built some time back and I found this
line:

$sth = $dbh->prepare("insert into projects values(null,\"$project\")");

I'm using Perl.

This looks quite exploitable to me since $project comes directly from the user
without any validation :)

The thing is that I'm yet to find a way to exploit it on the MySQL database
I'm using.

I tried to make $project like:

"); insert into other_table value(bla, bla

but prepare only runs one command and complains about this...

I also tried

" + (insert into other_table value(bla, bla

And a bunch of combinations but I still didn't get the right touch at it and
I would like to understand how these things work.

Reading this list is quite helpful, I already found a dozen ways to DoS my
application with the insertion of scripts.

I think my app was (was?) really.. :) insecure.

Thanks!

Paulo Pereira
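
An added example, not part of either message: the original interpolated line, the quote() form from the reply, and a bound placeholder (a standard DBI feature the thread does not mention), each run against a constructed project name that contains quote characters. It assumes DBD::SQLite is installed and uses an in-memory SQLite database in place of the poster's MySQL; the two-column table layout is also an assumption.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed; an in-memory database stands in for MySQL.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, PrintError => 0 });
# Assumed table layout (the page does not show the real schema).
$dbh->do("create table projects (id integer primary key, name text)");

# Constructed sample input: quote characters are ordinary data in a project name.
my $project = q{Bob's "big" project};

# 1. Original line: the value is pasted into the SQL text, so its quote
#    characters end the string literal early and change the statement itself.
my $unsafe = "insert into projects values(null,\"$project\")";
print "interpolated SQL: $unsafe\n";
my $ok = eval { $dbh->do($unsafe); 1 };
print "interpolated:     ", ($ok ? "accepted" : "rejected by the parser"), "\n";

# 2. The reply's approach: quote() returns the value as an escaped SQL literal.
my $query = sprintf("insert into projects values(null,%s)", $dbh->quote($project));
print "quoted SQL:       $query\n";
$dbh->do($query);

# 3. Placeholder: the SQL text is fixed and the value is bound at execute time,
#    so it is never parsed as SQL.
my $sth = $dbh->prepare("insert into projects values(null, ?)");
$sth->execute($project);

# Both safe forms should store the value exactly as it was supplied.
my $names = $dbh->selectcol_arrayref("select name from projects order by id");
for my $name (@$names) {
    print "stored: $name ", ($name eq $project ? "(unchanged)" : "(ALTERED)"), "\n";
}
$dbh->disconnect;
```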

