WebApp Sec mailing list archives
Re: Paper of insecure in PHP... and doubt in SQL-Injection
From: "Kevin Spett" <kspett () spidynamics com>
Date: Thu, 20 Feb 2003 11:03:02 -0500
The best paper on PHP security in general that I've seen is _A Study In Scarlet_ (http://www.securereality.com.au/studyinscarlet.txt). For general SQL injection instruction, I recommend my paper (http://www.spidynamics.com/whitepapers/WhitepaperSQLInjection.pdf) and the NGS paper written by Chris Anley (www.nextgenss.com/papers/advanced_sql_injection.pdf).

I think the requested properties error message indicates that the database driver does not know how to handle the kind of result that the database server returned. This can be a problem when mixing driver and database server vendors. I don't know how to get around it offhand. Perhaps someone with more ADO experience can offer some ideas or clarifications.

Kevin Spett
SPI Labs
http://www.spidynamics.com/

----- Original Message -----
From: <sekure () hadrion com br>
To: <webappsec () securityfocus com>
Sent: Thursday, February 20, 2003 8:52 AM
Subject: Paper of insecure in PHP... and doubt in SQL-Injection

Hi,

I'm searching for a good paper or collection of papers that describe problems of PHP with real examples and exploitations. Like SQL-Injection, dangerous functions, buffer overflow, ...

P.S.: I want to read, understand and test it. hehehe :)

Where can I find these papers?? Does someone have links that I can access? :)

A little doubt about SQL-Injections...

Why do some sites and Visual Basic applications give me this error when I try a SQL-Injection in them:

Microsoft OLE DB Provider for ODBC Drivers error '80040e21'
ODBC driver does not support the requested properties.
/procura_resp.asp, line 121

This error was caused by inserting a ' or '1 in a search form. :)

Why?? A different provider?? Security checks??

How to bypass this problem of provider??

Thanks a lot.

Best Regards.

[ ]'s