Penetration Testing mailing list archives

Re: PHP and MySQL

From: AdamT <adwulf () gmail com>
Date: Thu, 19 Jan 2006 10:55:37 +0000

On 1/18/06, John Madden <chiwawa999 () yahoo com> wrote:

Hi,

I'm pentesting a web site and i get the following
error message while using a single quote: ex.
/confirm.php?conf='test123

Warning: mysql_fetch_row(): supplied argument is not a
valid MySQL result resource in /xx/xx/confirm.php on
line 5

It could be that the table/database being queried in the script is non-existent.

Eg: Their MySQL command tries to lookup a row in 'mytable'
'mydatabase'.  but neither exists.

--
AdamT
"Maidenhead is *not* in Kent"

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

PHP and MySQL John Madden (Jan 18)
- Re: PHP and MySQL AdamT (Jan 19)
- Re: PHP and MySQL Josh Zlatin-Amishav (Jan 19)
- <Possible follow-ups>
- RE: PHP and MySQL Derick Anderson (Jan 19)
- Re: PHP and MySQL dork (Jan 20)
  - Re: PHP and MySQL Edy (Jan 23)