PaulDotCom mailing list archives

Episode 161 SQL Exploit?

From: gbugbear at gmail.com (Tim Mugherini)
Date: Wed, 29 Jul 2009 07:31:34 -0400

http://blog.tenablesecurity.com/2009/07/nyc-infragard-capture-the-flag-event.html



On 7/29/09, lists at truthisfreedom.org.uk <lists at truthisfreedom.org.uk> wrote:

Hi all,

I've just finished listening to Ep. 161 and Paul talked about an SQL
statement that he had used as part of the CTF last week that created a
PHP script on the fly and executed ShellCmds on a server.

I'd be v. interested in seeing this to try and prevent it from
happening on my systems but I can't find it in the show notes.

Anyone got any ideas as to where I can find this?

Thanks,

M.
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


-- 
Sent from my mobile device

Current thread:

Episode 161 SQL Exploit? lists at truthisfreedom.org.uk (Jul 29)
- Episode 161 SQL Exploit? Tim Mugherini (Jul 29)
- Episode 161 SQL Exploit? Robert Portvliet (Jul 29)
- <Possible follow-ups>
- Episode 161 SQL Exploit? infolookup at gmail.com (Jul 29)