Penetration Testing mailing list archives
malicious encoding - mysql php
From: <biftarin () hotmail com>
Date: 2 Sep 2004 19:44:29 -0000
Hi all, I'm currently auditing a forum running on Redhat Enterprise, Apache 1.3.27, PHP 4.3.7 and mySQL 3.23.58 . The problem I need to solve is how to bypass this filter that blocks apostrophes. $input = str_replace("'", "'", $input) (in case the board decodes the 2nd argument, it is ampersand hash 39) I have tried UTF-8 encoding ( %c0%a7 ) and the apostrophe appears in the mysql log file. e.g The query in the logfile looks like this. SELECT * FROM sessions WHERE key='invalidkey' AND member_id = '1' This doesn't return a row. Yet when I copy and paste this query and execute it through the mysql client it returns a row as expected. It looks as though the %c0%a7 isn't being filtered out by PHP but it's not being viewed as an apostrophe by mySQL even though it appears as an apostrophe in the mySQL log file. If someone could help me understand this discrepancy or offer an alternative way to bypass the filter I'd really appreciate it. Thanks in advance. ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- malicious encoding - mysql php biftarin (Sep 02)
- RE: malicious encoding - mysql php Rob Shein (Sep 03)