lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <367212CB.765FCC59.0B183C67@netscape.net>
Date: Sat Aug 20 04:20:13 2005
From: GabbarRang at netscape.net (Gabbar Sing)
Subject: SQL Injeciton.

Hi,

We have an internal web application written in PHP, in which the developer has got following line.

$query = mysql_query("select field1,field2 from table where field1='$field1fromuser';");

and is sending user input to backend using post method.

At first sight I though its very much vulnerible to SQL Injection, but I am not just able to demonstrate it. As when i send the character " ' " it just escapes it before sending query to db as " ' " thus  failing my injection.

I had also tried injecting sql using char but without any luck as the variable is within single quote. Hence it did plain text
comparison.

Can any one shed some light on this, as I am new to sql injection.

Gabbar.

__________________________________________________________________
Switch to Netscape Internet Service.
As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register

Netscape. Just the Net You Need.

New! Netscape Toolbar for Internet Explorer
Search from anywhere on the Web and block those annoying pop-ups.
Download now at http://channels.netscape.com/ns/search/install.jsp

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ