[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Question: is this exploitable?

To: <full-disclosure@lists.netsys.com>
Subject: [Full-Disclosure] Question: is this exploitable?
From: "Paulo Pereira" <pjp@paulo-pereira.net>
Date: Sat, 18 Oct 2003 15:28:09 +0300

Hi,

I'm looking at a web application I built some time back and I found this line:

$sth = $dbh->prepare("insert into projects values(null,\"$project\")");

I'm using Perl. 

This works quite exploitable to me since $project comes directly from user 
without any validation :)

The thing is that I'm yet to find a way to exploit it on the MySQL database I'm 
using.

I tried to make $project like:

"); insert into other_table value(bla, bla

but prepare only runs one command and complains about this...

I also tried

" + (insert into other_table value(bla, bla

And a bunch of combinations but I still didn't get the right touch at it and I 
would like to understand how these things work.

Reading this list is quite helpuful, I already found a dozen ways to DoS my 
application with the insertion of scripts.

I think my app was (was?) really.. :) insecure.

Thanks!

Paulo Pereira

Follow-Ups:
- Re: [Full-Disclosure] Question: is this exploitable?
  - From: "Jonathan A. Zdziarski" <jonathan@nuclearelephant.com>
- Re: [Full-Disclosure] Question: is this exploitable?
  - From: merlyn@stonehenge.com (Randal L. Schwartz)
- Re: [Full-Disclosure] Question: is this exploitable?
  - From: "Codex" <codex@bogus.net>

Prev by Date: [Full-Disclosure] [IE] Pure html DOS although some version require minor user interaction ( highlighting/minimising )
Next by Date: Re: [Full-Disclosure] Question: is this exploitable?
Previous by thread: [Full-Disclosure] Re: Pure html DOS although some version require minor user interaction ( highlighting/minimising )
Next by thread: Re: [Full-Disclosure] Question: is this exploitable?
Index(es):
- Date
- Thread