Overwriting an uninitialized local variable in PHP
- From: Kellox <kellox@xxxxxxxxxx>
- Date: Wed, 21 Feb 2007 16:32:37 +0100
I'm addressing a PHP system with a MySQL DB.
A PHP script looks like this:
$sort_mode = $_GET['sort'];
if ($sort_mode == 'ascendend') $query = "....";
else if ($sort_mode == 'descendend') $query = "....";
// no else branch: $query is never assigned for any other value
...
mysql_query($query) or die();
This script does actually contain a serious problem because $sort_mode is not sanitized. But this variable is never used in a SQL query, so even if you modify the GET parameter to become a SQL injection, it won't be executed by the DB because this variable is not passed to the engine. The actual variable containing the query is $query. But since there's no else clause, $query is uninitialized when you pass a string to the variable $sort_mode that is not contained in the if-then-else statement (e.g. $sort_mode = 'does_not_exist').
My question is if there is a way to "initialize" the variable $query myself as an attacker from the outside, so that I can write my own SQL query.
This question is related to a webapp review I'm doing at the moment.
Thx in advance!
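The if / else-if chain in the post leaves $query unassigned for any unexpected sort value. A hardened form of that selection, as an added example that is not part of the original post (build_list_query, SORT_DIRECTIONS and the items table are hypothetical names, and the sample inputs are constructed):

```php
<?php
// Added example; helper, constant, table and column names are hypothetical.

// Allowlist: every accepted sort value maps to a fixed SQL keyword.
const SORT_DIRECTIONS = [
    'ascendend'  => 'ASC',
    'descendend' => 'DESC',
];

function build_list_query(array $get): string
{
    // The parameter may be missing or arrive as an array (?sort[]=x).
    $sort_mode = $get['sort'] ?? '';
    if (!is_string($sort_mode)) {
        $sort_mode = '';
    }

    // Anything outside the allowlist falls back to a default, so the
    // query text is assigned by the script itself on every code path.
    $direction = SORT_DIRECTIONS[$sort_mode] ?? 'ASC';

    // Only constants reach the SQL text; the request value never does.
    return "SELECT id, title FROM items ORDER BY title $direction";
}

// Constructed sample inputs, including a value outside the original chain.
$samples = [
    ['sort' => 'descendend'],
    ['sort' => 'does_not_exist'],
    ['sort' => ['x']],
    [],
];
foreach ($samples as $get) {
    echo build_list_query($get), PHP_EOL;
}
```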