Executing PHP Code from MSSQL table



Hi, after testing a PHP-MSSQL app, i am able to insert and update
tables but i can't execute store_procedures, so, i was wondering if
its possible to update a table putting something like: "phpinfo()" or
(passthru("ipconfig")) in order to execute while loading the page?

I mean:

inside the html page the images are taken from database so... in a
black box perspective a think is something like: <img src=$img> and i
know where is the table which reads this image name, then i can update
the table and instead of read something like $img = picture.gif, reads
some thing like "phpinfo();". but as you know this is only a string,
even though if i update the table with: eval("phpinfo();") its also a
string .... so it dont get executed!!

So, i would like you help me, what can i do if i am able to insert,
create and update tables but unable to run store procedures, or bulk
or bcp!!!!!

Thanks!!!

--
Danux, CISSP
Chief Information Security Officer
Macula Security Consulting Group
www.macula-group.com

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



Relevant Pages

  • Re: Executing PHP Code from MSSQL table
    ... "eval - Evaluate a string as PHP code" ... execute the text string as if it were code. ... What you have is an opportunity for cross-site scripting, not PHP code ... Chief Information Security Officer ...
    (Pen-Test)
  • RE: SQL stored procedure executing twice
    ... I wasn't aware that DLookupwould execute the "domain" more than once. ... caused the stored procedure to execute twice. ... Dim stDocName As String ... My pass-thru query properties ...
    (microsoft.public.access.modulesdaovba)
  • Re: 8080/z80 testing request
    ... CP/M having ... The BDOS "print string" function, ... discovered that some instructions has 2 durations, ... piece of code takes to execute (anyway, under CP/M, it will depends on ...
    (comp.os.cpm)
  • Re: Cannot execute DTS package
    ... > "Hermit Dave" wrote in message ... >> Whats happening is that it is trying to execute the Query with context ... >>> executing DTS packages from the ASP.NET: ... >>> String ServerPassword, DTSSQLServerStorageFlags Flags, String ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Cannot execute DTS package
    ... > "Hermit Dave" wrote in message ... >> Whats happening is that it is trying to execute the Query with context ... >>> executing DTS packages from the ASP.NET: ... >>> String ServerPassword, DTSSQLServerStorageFlags Flags, String ...
    (microsoft.public.dotnet.framework.aspnet.security)