WebApp Sec mailing list archives
RE: PHP Finding SQL Injection Holes
From: "Wirges, Matthew L." <wirges () purdue edu>
Date: Thu, 30 Oct 2003 08:01:58 -0500
I'm not sure that I get the point of this script. I tested a couple of simple cases such as: mysql_query("SELECT * FROM foo where blee=$bar"); mysql_query("SELECT * FROM foo where blee=".$bar); which could be vulnerable but where not found. Also it makes several assumptions: 1) SQL queries are performed with the mysql_query function and not some sort of database wrapper or other database interface. 2) additionally, it assumes that the SQL queries are passed as a string in the calling [mysql_query] function 3) finally, it assumes that the query only occupies a single line of code. Most complicated scripts have SQL queries which span several lines Personally, I rely on code audits and input filtering to eliminate SQL injection threats. -matt
-----Original Message----- From: James Mitchell [mailto:reductor () askmiky com] Sent: Wednesday, October 29, 2003 6:16 AM To: webappsec () securityfocus com Subject: PHP Finding SQL Injection Holes I got bored, and made a thing to find Places which might allow for SQL Injection in PHP, Anyone got any feed back, on my 2 minute script? http://www.php-webmaster.com/sqlinjects.phps Thanks, James Mitchell
Current thread:
- PHP Finding SQL Injection Holes James Mitchell (Oct 30)
- <Possible follow-ups>
- RE: PHP Finding SQL Injection Holes Wirges, Matthew L. (Oct 30)
- Re: PHP Finding SQL Injection Holes James Mitchell (Oct 30)
- RE: PHP Finding SQL Injection Holes Wirges, Matthew L. (Oct 30)