Query: BID 6273: PortailPhp SQL Injection Vulnerability.
From: Vinay A. Mahadik (VMahadik@Qualys.com)
- Previous message: Dan Kaminsky: "Release: Paketto Keiretsu 1.10"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 26 Dec 2002 16:44:44 -0800 From: "Vinay A. Mahadik" <VMahadik@Qualys.com> To: vALDEUx@aol.com, email@example.com, firstname.lastname@example.org
(Posting on vuln-dev too since this has a generic PHP-MySQL SQL
Injection Vuln question as well).
I was working on this vulnerability. I came across the following
advisory on SecurityFocus-BugTraq:
I find that Php's mysql_query() only allows one SQL query per call. This
makes the above vuln non-exploitive, I think.
If not, I would like to know how to inject some SQL content between
"LIKE '%" and "%'" (without the " s) and get some meaningful/useful
response from the server through the mysql_query() query. I have tried
the usual injections, and only get an error from anything that splits
the above with semicolons.