Re[2]: Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)

From: Benjamin Schulz (listsat_private)
Date: Wed May 14 2003 - 05:57:28 PDT


    Hi Rynho,
    
    > if(!isset($cid) || $cid == NULL || $cid == "" || !is_numeric ($cid))
    > {
    >     echo "I don't like you >:|";
    >     exit();
    > }
    
    You know that $cid == NULL equals $cid == ""? (int)0, too, btw.
    Either check $cid == '' (which is 0 & NULL, too)
    or $cid === NULL || $cid === '',
    or empty($cid)
    
    Mit freundlichen Gruessen / Kind regards
    -- 
    Benjamin Schulz
    
    There are 10 types of people: those who understand binary and
    those who don't.
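
What each clause of the quoted check matches for a few constructed inputs, next to a stricter integer-only parse. This is an added example, not part of the original message and not PHP-Nuke code; `quoted_check_rejects()` and `parse_cid()` are hypothetical names.

```php
<?php
// Added illustration; both functions are hypothetical helpers, not PHP-Nuke code.

// The check quoted in the post, wrapped in a function so it can be tabulated.
function quoted_check_rejects($cid): bool
{
    return !isset($cid) || $cid == NULL || $cid == "" || !is_numeric($cid);
}

// Stricter form: accept only a string of 1 to 9 decimal digits with no leading
// zero, sign, whitespace, exponent or fraction, and hand back a real int.
function parse_cid($raw): ?int
{
    if (!is_string($raw) || preg_match('/^[1-9][0-9]{0,8}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

// Constructed sample inputs, roughly as they could arrive in a request.
$samples = [null, '', '0', 0, '7', ' 7', '1e3', '-1', '1.5', '7 OR 1=1'];

// Note: PHP 8.0 changed number/non-numeric-string comparison, so 0 == ""
// is true on older PHP (as in the 2003 thread) and false on PHP 8 and later.
printf("%-12s %-7s %-5s %-10s %-8s %s\n",
    'input', '==NULL', '==""', 'is_numeric', 'rejects', 'parse_cid');

foreach ($samples as $s) {
    printf("%-12s %-7d %-5d %-10d %-8d %s\n",
        var_export($s, true),
        $s == NULL,                 // loose comparison, first clause in the post
        $s == "",                   // loose comparison, second clause
        is_numeric($s),             // accepts floats, exponents, signs, leading space
        quoted_check_rejects($s),   // the whole quoted condition
        var_export(parse_cid($s), true));
}
```

The value to place in the query is the integer returned by `parse_cid()`, not the original request string.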
    



    This archive was generated by hypermail 2b30 : Fri May 16 2003 - 02:38:30 PDT