Penetration Testing mailing list archives
Re: PHP and MySQL
From: Josh Zlatin-Amishav <josh () tkos co il>
Date: Thu, 19 Jan 2006 11:15:12 +0200 (IST)
On Wed, 18 Jan 2006, John Madden wrote:

> Hi, I'm pentesting a web site and I get the following error message
> while using a single quote: ex. /confirm.php?conf='test123
>
> Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /xx/xx/confirm.php on line 5

[...snip]

> And how do we fix this vulnerability? Besides the PHP code itself
> (sanitize user input), is it a PHP setting (php.ini)?

You might also want to set display_errors = Off in php.ini.

--
 - Josh
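
The two fixes discussed in this message, as an added example that is not part of the original post or the tested site's code: the `conf` value is passed as a bound parameter, and errors are logged rather than displayed. The table name, column names and helper functions are assumptions, and in-memory SQLite stands in for MySQL so the script runs offline with constructed data.

```php
<?php
// Added example (not from the thread): a hypothetical hardened lookup for the
// ?conf= parameter of confirm.php. Table and column names are assumptions.

// Runtime equivalent of display_errors = Off in php.ini; errors still go to the log.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

function lookup_confirmation(PDO $db, string $conf): ?array
{
    // Bound parameter: the value never becomes part of the SQL text, so a
    // single quote cannot break the statement the way it did in the report.
    $stmt = $db->prepare('SELECT id, email FROM confirmations WHERE token = ?');
    $stmt->execute([$conf]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function handle_request(PDO $db, $conf): array
{
    try {
        // $_GET values can be arrays (conf[]=...), so check the type first.
        $row = is_string($conf) ? lookup_confirmation($db, $conf) : null;
        return $row === null
            ? [404, 'Invalid or expired confirmation code.']
            : [200, 'Confirmed.'];
    } catch (PDOException $e) {
        // Details go to the server log only; the client sees no path or SQL.
        error_log('confirm.php: ' . $e->getMessage());
        return [500, 'An internal error occurred.'];
    }
}

// Constructed test data; in-memory SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE confirmations (id INTEGER PRIMARY KEY, email TEXT, token TEXT)');
$db->exec("INSERT INTO confirmations (email, token) VALUES ('user@example.com', 'test123')");

// Inputs: a valid token, the quoted value from the report, and a non-string value.
foreach (["test123", "'test123", ['array']] as $input) {
    [$status, $body] = handle_request($db, $input);
    printf("%-14s -> %d %s\n", json_encode($input), $status, $body);
}
```

Against MySQL, use a `mysql:` DSN and set `PDO::ATTR_EMULATE_PREPARES` to `false` so the placeholder is bound server-side.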