PaulDotCom mailing list archives
Episode 161 SQL Exploit?
From: infolookup at gmail.com (infolookup at gmail.com)
Date: Wed, 29 Jul 2009 12:44:13 +0000
M,

Paul didn't do a write-up on this as yet. I have to look in my notes; I believe I wrote it down while Paul was giving the example, since I tested it myself at the CTF and it worked. If I don't find it, I am sure in a week or so Paul will have the write-up!

------Original Message------
From: lists at truthisfreedom.org.uk
Sender: pauldotcom-bounces at mail.pauldotcom.com
To: PaulDotCom Security Weekly Mailing List
ReplyTo: PaulDotCom Security Weekly Mailing List
Sent: Jul 29, 2009 4:48 AM
Subject: [Pauldotcom] Episode 161 SQL Exploit?

Hi all,

I've just finished listening to Ep. 161 and Paul talked about an SQL statement that he had used as part of the CTF last week that created a PHP script on the fly and executed ShellCmds on a server.

I'd be v. interested in seeing this to try and prevent it from happening on my systems but I can't find it in the show notes. Anyone got any ideas as to where I can find this?

Thanks,
M.

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Sent from my Verizon Wireless BlackBerry