WebApp Sec mailing list archives
Magic Quotes
From: "DokFLeed" <dokfleed () dokfleed net>
Date: Fri, 6 Oct 2006 15:00:04 +0400
I am researching bypassing Magic Quotes enforced by PHP. Suppose you have a script grabuserinfo.php?id=NUMERICVALUE which runs a SELECT statement, to be able to pass a ' through the GET successfully.

I tried id=CHAR(39,49,49,39) which is id='11' but it breaks after CHAR 32 SPACE character and wouldn't execute whatever comes next.

For example, to dump user info into a txt file, id=11 INTO OUTFILE 'D:/www/zin.txt' would be
id=CHAR(49,49,32,73,78,84,79,32,79,85,84,70,73,76,69,32,39,68,58,47,199,199,199,47,122,105,110,46,116,120,116,39); BREAKS

OR if a site is using URLDECODE(); %2527 translates to %27, which gets past magic quotes. This is translated to ' by urldecode.

But none of these actually works. I wonder if there is a proven way to bypass the quotes.

I also got this through a search: "0xbf27 is not a valid multi-byte character, but 0xbf5c is. Interpreted as single-byte characters, 0xbf27 is 0xbf (?) followed by 0x27 ('), and 0xbf5c is 0xbf (?) followed by 0x5c (\). 0xbf27, and addslashes() modifies this to become 0xbf5c27" but I don't think it works; addslashes()/stripslashes() act differently than illustrated.

Any ideas! If there is no way around Magic Quotes, then why is every developer against it?

Dok
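
An added example, not part of the original message: it runs the unquoted numeric id and the decode-after-escape case mentioned above against an in-memory SQLite table, next to the same lookup with strict integer validation and a bound parameter. The addslashes() emulation, the table, the function names and the sample inputs are constructed for illustration.

```python
import sqlite3
from urllib.parse import unquote

def addslashes(s: str) -> str:
    """Emulates the escaping magic quotes applies to GET data (PHP addslashes())."""
    return (s.replace("\\", "\\\\").replace("'", "\\'")
             .replace('"', '\\"').replace("\0", "\\0"))

def strict_id(raw: str) -> int:
    """Allow-list validation: ASCII decimal digits only, anything else is rejected."""
    if not (raw.isascii() and raw.isdigit()):
        raise ValueError("id must be a decimal integer")
    return int(raw)

def make_db() -> sqlite3.Connection:
    """Constructed sample table standing in for the user table behind the script."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [(11, "alice"), (12, "bob")])
    return db

def lookup_concat(db, raw_id: str):
    """'Before': escaped value concatenated into an unquoted numeric context."""
    sql = "SELECT name FROM users WHERE id = " + addslashes(raw_id)
    return db.execute(sql).fetchall()

def lookup_bound(db, raw_id: str):
    """'After': the value is bound as data and is never parsed as SQL."""
    return db.execute("SELECT name FROM users WHERE id = ?", (raw_id,)).fetchall()

def decode_after_escape(wire_value: str) -> str:
    """Server decodes once, escaping runs, then the script calls urldecode() again."""
    return unquote(addslashes(unquote(wire_value)))

if __name__ == "__main__":
    db = make_db()
    probe = "11 OR 1=1"  # constructed input containing no quote characters
    print("escaped unchanged:", addslashes(probe) == probe)
    print("concatenated     :", lookup_concat(db, probe))
    print("bound parameter  :", lookup_bound(db, probe))
    print("decode after esc :", repr(decode_after_escape("%2527")))
    try:
        strict_id(probe)
    except ValueError as exc:
        print("strict_id rejects:", exc)
```

Quote escaping only protects values that end up inside a quoted SQL string and are not decoded again afterwards; type validation and bound parameters do not depend on either condition.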