Bugtraq mailing list archives
Re[2]: Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)
From: Benjamin Schulz <lists () hnc cc>
Date: Wed, 14 May 2003 14:57:28 +0200
Hi Rynho,
if(!isset($cid) || $cid == NULL || $cid == "" || !is_numeric ($cid))
{
echo "I don't like you >:|";
exit();
}
you know that $cid == NULL equals $cid == ""? (int)0, too btw. either check $cid == '' (what is 0 & NULL, too) or $cid === NULL || $cid === '', or empty($cid) Mit freundlichen Gruessen / Kind regards -- Benjamin Schulz There are 10 types of people: those who understand binary and those who don't.
Current thread:
- Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!) Albert Puigsech Galicia (May 12)
- Re: Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!) Rynho Zeros Web (May 13)
- Re[2]: Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!) Benjamin Schulz (May 15)
- Re: Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!) Rynho Zeros Web (May 13)