Re: PHPNuke SQL Injection / General SQL Injection

From: David Walker (bugtraqat_private)
Date: Fri Feb 21 2003 - 13:21:12 PST


When programming a system that creates SQL strings based on passed-in integers,
i.e. where some_int=$variable_from_querystring
you must always do a check to confirm that the variable contains only numeric data.

An alternate fix on SQL servers that allow the format
where some_int='1234' -- (quoted numbers)
would be to do
where some_int='replace($variable_from_querystring,"'","''")'
This would cause a more than likely harmless error to occur whenever a character
occurs within the passed-in numeric/integer variable.
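The two measures described above (the numeric check, and the quote-and-double-the-quotes fallback), written out as an added example that is not part of the original post; it is Python with an in-memory SQLite table rather than PHP-Nuke's own code, and the users table, find_name and the helper names are assumptions for illustration.

```python
import re
import sqlite3

# Only an optional sign followed by digits is accepted; anything else is refused
# before it can be spliced into a query string.
INT_LITERAL = re.compile(r"^[+-]?\d+$")


def is_int_param(value: str) -> bool:
    """The numeric check from the post: is the query-string value an integer literal?"""
    return INT_LITERAL.fullmatch(value.strip()) is not None


def parse_int_param(value: str) -> int:
    """Validate, then convert; refuse the request on anything non-numeric."""
    if not is_int_param(value):
        raise ValueError(f"rejected non-numeric parameter: {value!r}")
    return int(value)


def quoted_int_filter(value: str) -> str:
    """The post's alternate fix: quote the value and double every embedded single
    quote so it cannot terminate the literal. Only meaningful on servers that
    accept '1234' for an integer column; the numeric check above is the stronger
    control and should be applied regardless."""
    return "WHERE some_int='" + value.replace("'", "''") + "'"


def find_name(conn: sqlite3.Connection, raw_id: str) -> list[str]:
    """Check the input first, then bind the integer as a parameter instead of
    concatenating it into the SQL text."""
    uid = parse_int_param(raw_id)
    rows = conn.execute("SELECT name FROM users WHERE id = ?", (uid,)).fetchall()
    return [r[0] for r in rows]


def demo_db() -> sqlite3.Connection:
    """Constructed sample data (hypothetical users table), not from the original post."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return conn


if __name__ == "__main__":
    conn = demo_db()
    print(find_name(conn, "2"))  # ['bob']
    for bad in ("2 abc", "1;2"):
        try:
            find_name(conn, bad)
        except ValueError as err:
            print(err)
```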
    



    This archive was generated by hypermail 2b30 : Fri Feb 21 2003 - 13:35:21 PST