Security Basics mailing list archives
Beginner questions regarding PHP and MySQL Injection
From: James Bensley <jwbensley () gmail com>
Date: Wed, 28 Jul 2010 23:18:12 +0100
List of great knowledge...

I have set myself up a test lab for some PHP exercises; it seems the infamous ' or 1=1 -- is way too easy to exploit; I can only get it to work if I give it a stupidly oversized helping hand :D (i.e. PHP magic quotes is turned off and no input validation of any sort is being performed).

As soon as I start using as a minimum stringslashes() and mysql_real_escape_string() and/or turn magic quotes on, I can no longer escape the PHP code that builds the MySQL query to perform an injection.

Does anyone have any pointers, advice, good reading etc. they can link that can explain how I can escape these methods? Or perhaps a better way of trying to implement my SQL injection?

--
Regards,
James.
http://www.jamesbensley.co.cc/

There are 10 kinds of people in the world; Those who understand Vigesimal, and J others...?