Re: [Full-disclosure] SQL Injection.

From: Jeremy Bishop (requiem_at_praetor.org)
Date: 08/20/05

  • Next message: Gautam R. Singh: "Re: [Full-disclosure] windows netstat"
    To: full-disclosure@lists.grok.org.uk
    Date: Fri, 19 Aug 2005 21:30:03 -0700
    
    

    On Friday 19 August 2005 20:20, Gabbar Sing wrote:
    > Hi,
    >
    > We have an internal web application written in PHP, in which the
    > developer has got the following line.

    <snip>

    > At first sight I thought it's very much vulnerable to SQL Injection,
    > but I am just not able to demonstrate it, as when I send the
    > character " ' " it just escapes it before sending the query to the db as " '
    > ", thus failing my injection.

    PHP has a feature known as magic quotes that can provide automatic
    escaping of quotes in user-submitted data. I believe the configuration
    variables to look at are "magic_quotes_gpc" and "magic_quotes_sybase",
    or some variation on those; the documentation should be more revealing.

    The developer may also have manually sanitized the data; I assume you
    have checked for that already? The ideal means of handling input would
    be to have the code check whether magic quotes are enabled and to take
    appropriate action based on the result of that check.

    -- 
    My group's mission statement - 'You want *what* ? By *WHEN* ?'
                  -- Simon Burr
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/
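An added example, not code from either poster, that reproduces the situation discussed in this message. It simulates magic_quotes_gpc with addslashes() (the setting was removed in PHP 5.4), prints the two query strings the developer's interpolation pattern would build, executes the one the escaping does not stop against an in-memory SQLite database through PDO (assumes the pdo_sqlite extension is loaded), and then shows the hardened form Jeremy's advice points toward: undo magic quotes when they are on, validate the type, and bind parameters. The users table, its columns and the two payloads are constructed for the example.

```php
<?php
// Added example for this thread, not the poster's code. magic_quotes_gpc was
// removed in PHP 5.4, so its effect (addslashes() on every GET/POST/COOKIE
// value) is simulated; the live queries run against an in-memory SQLite
// database through PDO, which assumes the pdo_sqlite extension is loaded.

function simulate_magic_quotes(array $request): array {
    // What PHP silently did to request data with magic_quotes_gpc=On.
    return array_map('addslashes', $request);
}

// Constructed attacker inputs: one for a quoted string column, one for an
// unquoted numeric column.
$raw = [
    'name' => "x' OR '1'='1",
    'id'   => '2 OR 1=1',
];
$request = simulate_magic_quotes($raw);

// The developer's pattern: interpolate request values straight into SQL.
// For the quoted parameter the escaping happens to hold on MySQL, because
// \' is read as a literal quote inside the string literal, which is exactly
// what the original poster ran into.
$byName = "SELECT id, name FROM users WHERE name = '{$request['name']}'";
echo "quoted context : $byName\n";

// For the numeric parameter there is no quote to escape, so the payload
// passes through addslashes() unchanged and rewrites the WHERE clause.
$byId = "SELECT id, name FROM users WHERE id = {$request['id']}";
echo "numeric context: $byId\n";

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users VALUES (1, 'alice'), (2, 'bob')");

// "OR 1=1" matches every row, so this returns the whole table, not user 2.
$rows = $db->query($byId)->fetchAll(PDO::FETCH_ASSOC);
printf("vulnerable numeric lookup matched %d of 2 users\n", count($rows));

// Hardened version: first undo magic quotes when they are on (otherwise the
// values get escaped twice), then stop building SQL from strings and bind
// the values as parameters instead.
function normalize_request(array $request, bool $magicQuotesOn): array {
    return $magicQuotesOn ? array_map('stripslashes', $request) : $request;
}

function find_user_by_id(PDO $db, string $id): array {
    // Validate the type before the value gets anywhere near SQL.
    if (!preg_match('/^\d+$/', $id)) {
        throw new InvalidArgumentException("id must be a plain integer");
    }
    $stmt = $db->prepare("SELECT id, name FROM users WHERE id = :id");
    $stmt->execute([':id' => (int) $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function find_user_by_name(PDO $db, string $name): array {
    // The quote in the payload is now just a character inside a bound value.
    $stmt = $db->prepare("SELECT id, name FROM users WHERE name = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// On pre-5.4 PHP the flag would come from get_magic_quotes_gpc(); here we
// know the slashes were added by the simulation above.
$clean = normalize_request($request, true);

try {
    find_user_by_id($db, $clean['id']);
} catch (InvalidArgumentException $e) {
    echo "hardened numeric lookup: rejected, {$e->getMessage()}\n";
}
$rows = find_user_by_name($db, $clean['name']);
printf("hardened name lookup matched %d users\n", count($rows));
```

Run it with `php example.php`. The quoted-context query is only printed, not executed, because addslashes() produces MySQL-style backslash escaping, which SQLite does not understand (it doubles quotes instead); that the escaping rules differ per database is itself a reason not to rely on magic quotes or any blanket escaping layer, and to bind parameters instead.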
    

