|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: [WEB SECURITY] Re: SQL In the Request
From: Rowland (rowland-wind
comcast.net)
Date: Fri Oct 06 2006 - 09:04:03 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I've seen it recently in a state government Website that serves
information to the public. I just hope nobody notices and decides to
alter that information.
I though of blowing the whistle but then I read about someone else got
scapegoated for the same thing. In the same state.
I guess it'll get hacked sooner or later.
On Thu, 2006-10-05 at 12:37, Ory Segal wrote:
> Hi,
>
> I actually saw this kind of blasphemy several years ago -- an
> application that builds a SQL query using client-side JavaScript. The
> complete SQL query was then passed as a hidden parameter to the web
> application...
>
> Go figure...
>
> -Ory Segal
> http://www.watchfire.com
>
>
>
> -----Original Message-----
> From: bryan allott [mailto:homegrownbryanallott.net]
> Sent: Thursday, October 05, 2006 5:35 PM
> To: webappsecsecurityfocus.com; websecuritywebappsec.org
> Subject: [WEB SECURITY] Re: SQL In the Request
>
>
> Just when i thought i had seen it all... -i come across a site which
> passes in the following as part of the REQUEST..
> yes, the SWF builds a request and sends it through to a php server... in
> plain text.
>
> POST /flashsql.php?id=106 HTTP/1.1
>
> = QUERYSTRING ====
> id=106
>
> = BODY ====
> host=<HOSTNAME>
> sql_=SELECT DISTINCT(movies.id), movies.name, filename FROM movies LEFT
> JOIN groups_movies ON (movies.id = groups_movies.movie_id) LEFT JOIN
> groups ON (groups.id = groups_movies.group_id) LEFT JOIN files_groups ON
> (groups.id = files_groups.group_id) LEFT JOIN files ON (files.id =
> files_groups.file_id) WHERE movies.id IN(155,150,52,149,134,133,76) AND
> files.file_type_id=9 ORDER BY movies.id
> dat=sk_cms
>
> is there anyway that this can be "acceptable" ?
>
>
>
>
>
> ------------------------------------------------------------------------
> ----
> The Web Security Mailing List:
> http://www.webappsec.org/lists/websecurity/
>
> The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/archive/
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
>
>
> -------------------------------------------------------------------------
> Sponsored by: Watchfire
>
> Watchfire has new programs available for pen testers and consultants to
> use AppScan in client engagements. AppScan is the leading Web application
> assessment tool. Want to see it for yourself? Take a look today!
>
> https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YSz
> --------------------------------------------------------------------------
--
---------------------------------------------------------------------------
My skills and contact info: http://www.blcss.com/contactme.php
Public Freenet gateway: http://blcss.com/cgi-bin/fr.pl
-------------------------------------------------------------------------
Sponsored by: Watchfire
Watchfire has new programs available for pen testers and consultants to
use AppScan in client engagements. AppScan is the leading Web application
assessment tool. Want to see it for yourself? Take a look today!
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YSz
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]