|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: SQL In the Request
From: Arian J. Evans (arian.evans
anachronic.com)
Date: Fri Oct 06 2006 - 14:13:30 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
If everything runs on the local host and you are admin,
I guess I don't see a problem. :)
A developer I helped convert to the dark side showed
me a portal he found that was basically this, but
the SQL query was constructed from cookies. That way
the developers could remotely troubleshoot and debug
the app by using in-browser cookie editors or simply
dropping a cookie (query section) they didn't like
to manipulate the query dynamically.
Obviously there were a couple of other implications
to this implementation style as well.
-ae
> -----Original Message-----
> From: listbouncesecurityfocus.com
> [mailto:listbouncesecurityfocus.com] On Behalf Of bryan allott
> Sent: Thursday, October 05, 2006 10:29 AM
> To: webappsecsecurityfocus.com; websecuritywebappsec.org
> Subject: SQL In the Request
>
> Just when i thought i had seen it all... -i come across a
> site which passes
> in the following as part of the REQUEST..
> yes, the SWF builds a request and sends it through to a php
> server... in
> plain text.
>
> POST /flashsql.php?id=106 HTTP/1.1
>
> = QUERYSTRING ====
> id=106
>
> = BODY ====
> host=dedi119b.your-server.co.za
> sql_=SELECT DISTINCT(movies.id), movies.name, filename FROM
> movies LEFT
> JOIN groups_movies ON (movies.id = groups_movies.movie_id)
> LEFT JOIN groups
> ON (groups.id = groups_movies.group_id) LEFT JOIN
> files_groups ON (groups.id
> = files_groups.group_id) LEFT JOIN files ON (files.id =
> files_groups.file_id) WHERE movies.id
> IN(155,150,52,149,134,133,76) AND
> files.file_type_id=9 ORDER BY movies.id
> dat=sk_cms
>
> is there anyway that this can be "acceptable" ?
>
>
> --------------------------------------------------------------
> -----------
> Sponsored by: Watchfire
>
> Watchfire has new programs available for pen testers and
> consultants to
> use AppScan in client engagements. AppScan is the leading Web
> application
> assessment tool. Want to see it for yourself? Take a look today!
>
> https://www.watchfire.com/securearea/appscancamp.aspx?id=70150
> 0000008YSz
> --------------------------------------------------------------
> ------------
-------------------------------------------------------------------------
Sponsored by: Watchfire
Watchfire has new programs available for pen testers and consultants to
use AppScan in client engagements. AppScan is the leading Web application
assessment tool. Want to see it for yourself? Take a look today!
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YSz
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]