Penetration Testing mailing list archives
PHP and MySQL
From: John Madden <chiwawa999 () yahoo com>
Date: Wed, 18 Jan 2006 12:13:36 -0800 (PST)
Hi, I'm pentesting a web site and i get the following error message while using a single quote: ex. /confirm.php?conf='test123 Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /xx/xx/confirm.php on line 5 I've looked up the error and attemped numerous variations like '1==1; etc... but i always get the same error. As anyone been succesful in getting information this way ? If so how? And how do we fix this vulnerability ? Besides the PHP code itself (sanitize user input), is it a PHP setting (php.ini) ? Thanks for your help __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- PHP and MySQL John Madden (Jan 18)
- Re: PHP and MySQL AdamT (Jan 19)
- Re: PHP and MySQL Josh Zlatin-Amishav (Jan 19)
- <Possible follow-ups>
- RE: PHP and MySQL Derick Anderson (Jan 19)
- Re: PHP and MySQL dork (Jan 20)
- Re: PHP and MySQL Edy (Jan 23)