Re: [Full-disclosure] SQL Injection.
From: Gabbar Sing (GabbarRang_at_netscape.net)
Date: Sat, 20 Aug 2005 01:42:36 -0400
To: email@example.com (Jeremy Bishop), firstname.lastname@example.org
Thanks, I would definitely check on magic_quotes, but the fact is it escapes those characters, so there's no way... it's susceptible to SQL injection. And of course I am asking this question here, which means the developer has not done any kind of sanitization checking. So, if SQL injection is not possible, even the XSS given below won't be the case, I guess,
Jeremy Bishop <email@example.com> wrote:
>On Friday 19 August 2005 20:20, Gabbar Sing wrote:
>> We have an internal web application written in PHP, in which the
>> developer has got following line.
>> At first sight I thought it's very much vulnerable to SQL Injection,
>> but I am not just able to demonstrate it. As when I send the
>> character " ' " it just escapes it before sending query to db as " '
>> " thus failing my injection.
>PHP has a feature known as magic quotes that can provide automatic
>escaping of quotes in user-submitted data. I believe the configuration
>variables to look at are "magic_quotes_gpc" and "magic_quotes_sybase",
>or some variation on those; the documentation should be more revealing.
>The developer may also have manually sanitized the data; I assume you
>have checked for that already? The ideal means of handling input would
>be to have the code check whether magic quotes are enabled and to take
>appropriate action based on the result of that check.
>My group's mission statement - 'You want *what* ? By *WHEN* ?'
> -- Simon Burr
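As an added example (not code from either poster or from the application discussed), this shows the check Jeremy describes, undoing magic_quotes_gpc when it is on, and then uses a prepared statement so the query never depends on quote-escaping at all. It also goes one step beyond the thread: the integer parameter shows why escaping quotes alone is not a complete defence. The table, columns and input values are constructed for the demo.

```php
<?php
// Added example: normalise input regardless of magic_quotes_gpc, then use a
// prepared statement instead of relying on escaped quote characters.

/**
 * Undo magic_quotes_gpc if it is enabled, so the application sees the raw
 * value and exactly one protection layer (parameter binding) is applied later.
 * The magic_quotes feature was removed in PHP 5.4; get_magic_quotes_gpc() was
 * removed in PHP 8.0, hence the function_exists() guard.
 */
function rawInput(string $value): string
{
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

function findUser(PDO $db, string $username, string $idField): ?array
{
    // Integer column: escaping quotes does nothing here, because the value is
    // not inside quotes in the SQL text. Validate the type explicitly instead.
    if (!ctype_digit($idField)) {
        return null;
    }
    // Bound parameters are sent separately from the SQL text, so the value
    // cannot change the query structure whatever characters it contains.
    $stmt = $db->prepare(
        'SELECT id, username FROM users WHERE username = :u AND id = :id'
    );
    $stmt->bindValue(':u', $username, PDO::PARAM_STR);
    $stmt->bindValue(':id', (int) $idField, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Demo with constructed data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)");
$db->exec("INSERT INTO users VALUES (1, 'alice'), (2, 'o''brien')");

// Constructed inputs standing in for $_GET values.
$name = rawInput("o'brien");                  // the quote is data, not syntax
var_dump(findUser($db, $name, '2'));          // array with id 2
var_dump(findUser($db, 'alice', '1 OR 1=1')); // NULL: rejected by the type check
```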
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/