WebApp Sec mailing list archives
Re: SQL/Script Injection w/ MySQL & PHP
From: "Steve Slater" <slater () handsonsecurity com>
Date: Fri, 28 May 2004 00:27:55 -0700 (PDT)
No detailed papers, but here is an example from an older version of phpBB where addslashes() / magic_quotes_gpc does not hinder the SQL injection attack.

http://packetstormsecurity.nl/0311-exploits/phpBB206.txt

Steve
Hello. I'm looking for current in-depth papers on script injection and SQL injection, specifically on a MySQL/PHP combo (version 4.x of each). I'm looking for advanced techniques that would get around the normal addslashes/stripslashes for SQL injection and converting special chars to HTML entities for script injection.
---------------------------------------------
Steve Slater
Hands-On Security
Information Security Training and Consulting
slater () handsonsecurity com
Next Class: http://www.sans.org/sanslamp04/
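An added example, not part of the original message and not taken from phpBB or the linked advisory: one general way quote escaping fails to protect a PHP/MySQL query is when the value lands in an unquoted numeric context, shown here beside two hardened forms. The table and column names (`topics`, `topic_id`, `title`) and the request value are constructed for illustration.

```php
<?php
// Constructed request value: it contains no quote, backslash or NUL byte,
// so addslashes() / magic_quotes_gpc have nothing to escape.
$input = '0 OR 1=1';

// Weak pattern: the escaped value is placed in an unquoted numeric context.
function build_unsafe(string $raw): string
{
    $escaped = addslashes($raw);   // unchanged when the input has no quotes
    return "SELECT title FROM topics WHERE topic_id = $escaped";
}

// Hardened: accept only a real integer before it gets near the SQL text.
function build_checked(string $raw): ?string
{
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;               // reject instead of trying to escape
    }
    return "SELECT title FROM topics WHERE topic_id = $id";
}

// Preferred: validate, then bind the value so it is never parsed as SQL.
// Needs a live mysqli connection, so it is defined here but not called.
function fetch_title(mysqli $db, string $raw): ?string
{
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare('SELECT title FROM topics WHERE topic_id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($title);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? $title : null;
}

// Offline demonstration on the constructed value.
var_dump(addslashes($input) === $input);  // escaping left the value as it was
echo build_unsafe($input), "\n";          // WHERE clause now carries extra SQL
var_dump(build_checked($input));          // non-integer input is rejected
echo build_checked('42'), "\n";           // a plain integer passes through
```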
Current thread:
- SQL/Script Injection w/ MySQL & PHP Paul (May 27)
- Re: SQL/Script Injection w/ MySQL & PHP Steve Slater (May 31)