Hosting Provided By

Query: BID 6273: PortailPhp SQL Injection Vulnerability.

From: Vinay A. Mahadik <VMahadik(at)Qualys.com>
Date: Thu Dec 26 2002 - 19:44:44 EST

Hi,

(Posting on vuln-dev too since this has a generic PHP-MySQL SQL Injection Vuln question as well).

I was working on this vulnerability. I came across the following advisory on SecurityFocus-BugTraq:

http://online.securityfocus.com/archive/1/301572

I find that Php's mysql_query() only allows one SQL query per call. This makes the above vuln non-exploitive, I think.

If not, I would like to know how to inject some SQL content between "LIKE '%" and "%'" (without the " s) and get some meaningful/useful response from the server through the mysql_query() query. I have tried the usual injections, and only get an error from anything that splits the above with semicolons.

Thanks,
Vinay. Received on Fri Dec 27 20:47:26 2002

This message: [ Message body ]
Next message: xa6 at g-Con: "ASM OpenBSD"
Previous message: Dan Kaminsky: "Release: Paketto Keiretsu 1.10"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:37 EDT

Do you need help?