Penetration Testing mailing list archives

Re: SQL Injection- Bypassing magic_quotes


From: Danux <danuxx () gmail com>
Date: Tue, 9 Oct 2007 00:49:37 +0000

As usual, thanks for your excellent help.

On 10/5/07, Jorge Hoya <aquinadie () gmail com> wrote:
Hi Danux and all,
maybe this forum post (in Spanish) could help you [1]

[1] http://www.wadalbertia.org/phpBB2/viewtopic.php?t=3200&highlight=inyeccion+sql+conversion+tipos

2007/10/4, Andrew Court <andrew.court () bt com>:
Why can't you just turn Magic quotes off?

Andrew Court

IT Security Specialist | BT Retail - Ireland |
E:Andrew.Court () bt com |Mobile: +353 86 1720 692 | Fax: +353 1 432 5899|
www.btireland.com



-----Original Message-----
From: Danux [mailto:danuxx () gmail com]
Sent: 03 October 2007 23:25
To: pen-test () securityfocus com
Subject: SQL Injection- Bypassing magic_quotes


Hi, is there a way to bypass PHP magic_quotes in order to run MSSQL SQL
Injection tests? Mainly the char ' is being converted to "\' " by the
PHP app.

I have read that with base64_decode it is possible to bypass magic_quotes,
but I haven't found an example.

Thanks!!!

--
Danux, CISSP
Chief Information Security Officer
Macula Security Consulting Group
www.macula-group.com

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------





--
<< The future is hidden behind the men who make it >>
[ http://www.nosoynadie.net/ ]





-- 
Danux, CISSP
Chief Information Security Officer
Macula Security Consulting Group
www.macula-group.com


