PaulDotCom mailing list archives

Episode 161 SQL Exploit?


From: infolookup at gmail.com (infolookup at gmail.com)
Date: Wed, 29 Jul 2009 12:44:13 +0000

M,

Paul didn't do a write-up on this as yet. I have to look in my notes; I believe I wrote it down while Paul was giving
the example, since I tested it myself at the CTF and it worked.

If I don't find it, I am sure in a week or so Paul will have the write-up!

------Original Message------
From: lists at truthisfreedom.org.uk
Sender: pauldotcom-bounces at mail.pauldotcom.com
To: PaulDotCom Security Weekly Mailing List
ReplyTo: PaulDotCom Security Weekly Mailing List
Sent: Jul 29, 2009 4:48 AM
Subject: [Pauldotcom] Episode 161 SQL Exploit?

Hi all,

I've just finished listening to Ep. 161 and Paul talked about an SQL  
statement that he had used as part of the CTF last week that created a  
PHP script on the fly and executed ShellCmds on a server.

I'd be v. interested in seeing this to try and prevent it from  
happening on my systems but I can't find it in the show notes.

Anyone got any ideas as to where I can find this?

Thanks,

M.
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


Sent from my Verizon Wireless BlackBerry

