[36196] in bugtraq


Re: Possible security bug in phpMyWebhosting

daemon@ATHENA.MIT.EDU (Udo Mueller)
Fri Aug 20 22:10:28 2004

Date: Fri, 20 Aug 2004 09:31:03 +0200
From: Udo Mueller <info@cs-ol.de>
To: bugtraq@securityfocus.com
Message-ID: <20040820073103.GA5086@cs-ol.de>
Mail-Followup-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <006801c48672$d05bb000$0301010a@value>

Hello Daniel,

begin  * Daniel Souza wrote [20-08-04 02:01]:
> 
> Maybe your server is configured with magic_quotes disabled, so the " is not
> slashed and we have a basic SQL injection. I'm not sure because I have not
> seen the source code to say that, but that's what it looks like. Is there an
> addslashes in the code?

In Debian magic_quotes = On is standard.

I should add addslashes in the code. Thank you!

end  

Regards, Udo
-- 
No signature!
