Bugtraq mailing list archives
Re: mysql_error() can lead to Cross Site Scripting attacks
From: Ben Wheeler <b.wheeler () ulcc ac uk>
Date: Thu, 21 Sep 2006 11:33:48 +0100
On Wed, Sep 20, 2006 at 12:47:54PM -0000, gmdarkfig () gmail com wrote:
> Vendor.Status.: Patched

Has this really been patched? It doesn't appear to be a bug and the discussion has it marked as Bogus.

The "POC" contains two fundamental security flaws:

1. Using untrusted input to mysql_select_db() without sanitising it

   mysql_select_db($db, $link);

2. Printing the result of a function directly to the browser without ensuring that it is appropriately escaped.

   echo mysql_errno($link) . ": " . mysql_error($link). "\n";

It's up to the programmer to sanitise input and output as appropriate. You cannot blindly assume that input is safe to pass to functions, nor that a string returned from a function{*} is safe to output (or put into an SQL query, or use in any other way), without checking it.

{*} with obvious exceptions for functions whose job it is to make strings safe for a particular use, such as htmlspecialchars(), addslashes() etc.

Ben
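
The two points in the message above, as an added example that is not part of the original thread or the PoC: the database name is checked against an allow-list before use, and the error text is escaped before output. It uses mysqli because the mysql_* functions were removed in PHP 7.0; ALLOWED_DATABASES, the function names and the sample input are assumptions made for illustration.

```php
<?php
// Added example: hardened counterpart of the two quoted PoC lines.
// ALLOWED_DATABASES and all function names here are hypothetical.
const ALLOWED_DATABASES = ['shop', 'blog'];

// Escape a string for an HTML text or attribute context.
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Point 2: the error text is escaped before it reaches the browser.
function render_db_error(int $errno, string $error): string
{
    return html($errno . ': ' . $error) . "\n";
}

// Point 1: the requested name must match an allow-list entry exactly
// before it is handed to the database API. The return value is safe
// to echo into an HTML page.
function select_database($link, string $requested): string
{
    if (!in_array($requested, ALLOWED_DATABASES, true)) {
        return "Invalid database selection\n"; // request data is not echoed
    }
    if (!mysqli_select_db($link, $requested)) {
        return render_db_error(mysqli_errno($link), mysqli_error($link));
    }
    return '';
}

// Constructed input standing in for an untrusted request parameter.
$requested = '<b>x</b>';

// Rejected by the allow-list, so $link is never touched (null here,
// which lets the example run without a database server).
echo select_database(null, $requested);

// Constructed error string in the form the server uses for an unknown
// database (error 1049), to show the output escaping on its own.
echo render_db_error(1049, "Unknown database '" . $requested . "'");
```

Either check alone closes the reflected path in the PoC; keeping both means a later code path that forwards a different string into the error message is still escaped on output.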