Re: sql injection and php

From: Sverre H. Huseby (shhat_private)
Date: Wed May 29 2002 - 03:02:13 PDT

Next message: meijin: "Re: DirectX 9 SDK, Microsoft have got balls...."

Previous message: dullienat_private: "Re[2]: Microsoft IIS - Possible authentication flaw?"
In reply to: Jacek Lach: "sql injection and php"
Next in thread: Greg Hunt: "Re: sql injection and php"
Next in thread: Florian Weimer: "Re: sql injection and php"
Reply: Greg Hunt: "Re: sql injection and php"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[Jacek Lach]

|   Does the magic_quotes in php's configuration resolves the problem of sql 
|   injection?

No.

|   Is this technique still a risk when the option is enabled?

Yes.

|   Most documentation I found was presenting ASP examples, but simple
|   entering ' character doesn't work when this option is enabled
|   (which is set in default configuration).

You can do much damage without using the quote character:

  http://example.com/show.php?id=3;+DELETE+FROM+Customer

Make the server work: Imagine a database with millions of entries,
from which one normally only see one at a time:

  http://example.com/show.php?id=3+OR+TRUE

And I guess there is much more that can be done by creative intruders.
As always.


Sverre.

-- 
shhat_private			Computer Geek?  Try my Nerd Quiz
http://shh.thathost.com/		http://nerdquiz.thathost.com/

Next message: meijin: "Re: DirectX 9 SDK, Microsoft have got balls...."
Previous message: dullienat_private: "Re[2]: Microsoft IIS - Possible authentication flaw?"
In reply to: Jacek Lach: "sql injection and php"
Next in thread: Greg Hunt: "Re: sql injection and php"
Next in thread: Florian Weimer: "Re: sql injection and php"
Reply: Greg Hunt: "Re: sql injection and php"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed May 29 2002 - 10:08:48 PDT