Query: BID 6273: PortailPhp SQL Injection Vulnerability.

["Vinay A. Mahadik" <VMahadik () Qualys com>]

Hi,

(Posting on vuln-dev too since this has a generic PHP-MySQL SQL 
Injection Vuln question as well).

I was working on this vulnerability. I came across the following 
advisory on SecurityFocus-BugTraq:

http://online.securityfocus.com/archive/1/301572

I find that Php's mysql_query() only allows one SQL query per call. This 
makes the above vuln non-exploitive, I think.

If not, I would like to know how to inject some SQL content between 
"LIKE '%" and "%'" (without the " s) and get some meaningful/useful 
response from the server through the mysql_query() query. I have tried 
the usual injections, and only get an error from anything that splits 
the above with semicolons.

Thanks,
Vinay.