WebApp Sec mailing list archives
magic_quotes
From: Wojciech Pawlikowski <wojtek () vline pl>
Date: Fri, 14 Jan 2005 07:59:09 +0100
Hey, I'm doing penetration test for some company using OSSTMM methodology. During information gathering stage I've found some SQL injection bug in their webapp. All I know is they've got some Oracle DB and Linux webserver with mod_php4 module. My problem is perhaps well known - is there any possibility to bypass magic_quotes protection ? PHP is 4.3.2, but I don't remember any vulnerability regarding magic_quotes in this version. -- * Wojciech Pawlikowski :: <ducer at hard-core pl> :: NIC-HDL WP5161-RIPE * * http://ducer.w00nf.org :: http://www.knockdownhc.com :: Born to Hate *
Current thread:
- magic_quotes Wojciech Pawlikowski (Jan 14)
- Re: magic_quotes James Barkley (Jan 15)
- Re: magic_quotes Matt Fisher (Jan 19)