|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: PHP Finding SQL Injection Holes
From: Wirges, Matthew L. (wirges
purdue.edu)
Date: Thu Oct 30 2003 - 07:01:58 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I'm not sure that I get the point of this script. I tested a couple of
simple cases such as:
mysql_query("SELECT * FROM foo where blee=$bar");
mysql_query("SELECT * FROM foo where blee=".$bar);
which could be vulnerable but where not found.
Also it makes several assumptions:
1) SQL queries are performed with the mysql_query function and not some
sort of database wrapper or other database interface.
2) additionally, it assumes that the SQL queries are passed as a string
in the calling [mysql_query] function
3) finally, it assumes that the query only occupies a single line of
code. Most complicated scripts have SQL queries which span several
lines
Personally, I rely on code audits and input filtering to eliminate SQL
injection threats.
-matt
> -----Original Message-----
> From: James Mitchell [mailto:reductoraskmiky.com]
> Sent: Wednesday, October 29, 2003 6:16 AM
> To: webappsecsecurityfocus.com
> Subject: PHP Finding SQL Injection Holes
>
> I got bored, and made a thing to find Places which might
> allow for SQL Injection in PHP, Anyone got any feed back, on
> my 2 minute script?
>
> http://www.php-webmaster.com/sqlinjects.phps
>
> Thanks,
> James Mitchell
>
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]