Penetration Testing mailing list archives
Executing PHP Code from MSSQL table
From: Danux <danuxx () gmail com>
Date: Mon, 15 Oct 2007 19:38:50 -0500
Hi, after testing a PHP-MSSQL app, i am able to insert and update tables but i can't execute store_procedures, so, i was wondering if its possible to update a table putting something like: "phpinfo()" or (passthru("ipconfig")) in order to execute while loading the page? I mean: inside the html page the images are taken from database so... in a black box perspective a think is something like: <img src=$img> and i know where is the table which reads this image name, then i can update the table and instead of read something like $img = picture.gif, reads some thing like "phpinfo();". but as you know this is only a string, even though if i update the table with: eval("phpinfo();") its also a string .... so it dont get executed!! So, i would like you help me, what can i do if i am able to insert, create and update tables but unable to run store procedures, or bulk or bcp!!!!! Thanks!!! -- Danux, CISSP Chief Information Security Officer Macula Security Consulting Group www.macula-group.com ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Executing PHP Code from MSSQL table Danux (Oct 15)
- Re: Executing PHP Code from MSSQL table Jim Halfpenny (Oct 16)
- Re: Executing PHP Code from MSSQL table Matthew Lee Hinman (Oct 18)
- Re: Executing PHP Code from MSSQL table Danux (Oct 18)
- Re: Executing PHP Code from MSSQL table Matthew Lee Hinman (Oct 18)
- Re: Executing PHP Code from MSSQL table Alexander Klimov (Oct 18)
- Re: Executing PHP Code from MSSQL table Robin Wood (Oct 19)
- Re: Executing PHP Code from MSSQL table Danux (Oct 19)
- Re: Executing PHP Code from MSSQL table Jim Halfpenny (Oct 16)