Vulnerability Development mailing list archives
Query: BID 6273: PortailPhp SQL Injection Vulnerability.
From: "Vinay A. Mahadik" <VMahadik () Qualys com>
Date: Thu, 26 Dec 2002 16:44:44 -0800
Hi,(Posting on vuln-dev too since this has a generic PHP-MySQL SQL Injection Vuln question as well).
I was working on this vulnerability. I came across the following advisory on SecurityFocus-BugTraq:
http://online.securityfocus.com/archive/1/301572I find that Php's mysql_query() only allows one SQL query per call. This makes the above vuln non-exploitive, I think.
If not, I would like to know how to inject some SQL content between "LIKE '%" and "%'" (without the " s) and get some meaningful/useful response from the server through the mysql_query() query. I have tried the usual injections, and only get an error from anything that splits the above with semicolons.
Thanks, Vinay.
Current thread:
- Query: BID 6273: PortailPhp SQL Injection Vulnerability. Vinay A. Mahadik (Dec 27)