Vulnerability Development mailing list archives

Re: sql injection and php


From: "Sverre H. Huseby" <shh () thathost com>
Date: Wed, 29 May 2002 12:02:13 +0200

[Jacek Lach]

|   Does the magic_quotes in php's configuration resolve the problem of sql 
|   injection?

No.

|   Is this technique still a risk when the option is enabled?

Yes.

|   Most documentation I found was presenting ASP examples, but simply
|   entering the ' character doesn't work when this option is enabled
|   (which is set in the default configuration).

You can do much damage without using the quote character:

  http://example.com/show.php?id=3;+DELETE+FROM+Customer

Make the server work: Imagine a database with millions of entries,
from which one normally only sees one at a time:

  http://example.com/show.php?id=3+OR+TRUE

And I guess there is much more that can be done by creative intruders.
As always.


Sverre.

-- 
shh () thathost com                     Computer Geek?  Try my Nerd Quiz
http://shh.thathost.com/                http://nerdquiz.thathost.com/
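
Added example, not part of the original message: the numeric-context case described above, modelled in Python with an in-memory SQLite database so it runs offline. The `magic_quotes()` helper emulates PHP's `addslashes()`-style escaping; the `Customer` rows, the function names and the 9-digit limit are assumptions made for the demonstration.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

def magic_quotes(value):
    """Emulate the addslashes() escaping that magic_quotes applied to input."""
    value = value.replace("\\", "\\\\")
    value = value.replace("'", "\\'").replace('"', '\\"')
    return value.replace("\0", "\\0")

def make_db():
    """Constructed sample data: three customers."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Customer (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO Customer VALUES (?, ?)",
                   [(1, "Ann"), (2, "Bob"), (3, "Cy")])
    return db

def id_from_url(url):
    """Decode the id parameter the way the web server would ('+' becomes ' ')."""
    return parse_qs(urlsplit(url).query)["id"][0]

def show_vulnerable(db, raw_id):
    # The value lands in a numeric context, outside any quotes, so
    # quote escaping leaves it untouched and it is parsed as SQL.
    sql = "SELECT id, name FROM Customer WHERE id = " + magic_quotes(raw_id)
    return db.execute(sql).fetchall()

def show_hardened(db, raw_id):
    # 1. Validate: only a short run of ASCII digits is a legal id.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be a positive integer")
    # 2. Bind: the value is sent as data, never concatenated into the SQL text.
    return db.execute("SELECT id, name FROM Customer WHERE id = ?",
                      (int(raw_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    raw = id_from_url("http://example.com/show.php?id=3+OR+TRUE")
    print("escaped input :", repr(magic_quotes(raw)))   # unchanged by escaping
    print("vulnerable    :", show_vulnerable(db, raw))  # every row comes back
    try:
        show_hardened(db, raw)
    except ValueError as exc:
        print("hardened      : rejected,", exc)
    print("hardened id=3 :", show_hardened(db, "3"))
```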

