Penetration Testing mailing list archives
RE: SQL Injection- Bypassing magic_quotes
From: "Andrew Court" <andrew.court () bt com>
Date: Thu, 4 Oct 2007 20:11:37 +0100

Why can't you just turn Magic quotes off?

Andrew Court
IT Security Specialist | BT Retail - Ireland | E:Andrew.Court () bt com | Mobile: +353 86 1720 692 | Fax: +353 1 432 5899 | www.btireland.com

-----Original Message-----
From: Danux [mailto:danuxx () gmail com]
Sent: 03 October 2007 23:25
To: pen-test () securityfocus com
Subject: SQL Injection- Bypassing magic_quotes

Hi, is there a way to bypass PHP magic_quotes in order to run MSSQL SQL Injection tests? Mainly the char ' is being converted to "\' " by the PHP app.

I have read that with base64_decode it is possible to bypass magic_quotes, but I haven't found an example.

Thanks!!!

--
Danux, CISSP
Chief Information Security Officer
Macula Security Consulting Group
www.macula-group.com

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Current thread:
- SQL Injection- Bypassing magic_quotes Danux (Oct 03)
- Message not available
- Re: SQL Injection- Bypassing magic_quotes Danux (Oct 09)
- Message not available
- <Possible follow-ups>
- RE: SQL Injection- Bypassing magic_quotes Andrew Court (Oct 04)
- Re: SQL Injection- Bypassing magic_quotes Jorge Hoya (Oct 05)
- Re: SQL Injection- Bypassing magic_quotes Danux (Oct 09)
- Re: SQL Injection- Bypassing magic_quotes Jorge Hoya (Oct 05)
- Re: SQL Injection- Bypassing magic_quotes Danux (Oct 10)
- RE: SQL Injection- Bypassing magic_quotes Walsh, Leo (Oct 11)
- Re: SQL Injection- Bypassing magic_quotes Danux (Oct 11)
- RE: SQL Injection- Bypassing magic_quotes Gary Oleary-Steele (Oct 12)