Re: [Full-Disclosure] Question: is this exploitable?
- To: "Paulo Pereira" <pjp@paulo-pereira.net>, <full-disclosure@lists.netsys.com>
- Subject: Re: [Full-Disclosure] Question: is this exploitable?
- From: "Codex" <codex@bogus.net>
- Date: Sat, 18 Oct 2003 19:30:41 +0100
one way of doing it:
$query=sprintf("insert into projects values(null,%s)",$dbh->quote($project));
$sth = $dbh->prepare($query);
-cdx
----- Original Message -----
From: Paulo Pereira
To: full-disclosure@lists.netsys.com
Sent: Saturday, October 18, 2003 1:28 PM
Subject: [Full-Disclosure] Question: is this exploitable?
Hi,
I'm looking at a web application I built some time back and I found this
line:
$sth = $dbh->prepare("insert into projects values(null,\"$project\")");
I'm using Perl.
This looks quite exploitable to me since $project comes directly from the user
without any validation :)
The thing is that I'm yet to find a way to exploit it on the MySQL database
I'm using.
I tried to make $project like:
"); insert into other_table value(bla, bla
but prepare only runs one command and complains about this...
I also tried
" + (insert into other_table value(bla, bla
And a bunch of combinations but I still didn't get the right touch at it and
I would like to understand how these things work.
Reading this list is quite helpful, I already found a dozen ways to DoS my
application with the insertion of scripts.
I think my app was (was?) really.. :) insecure.
Thanks!
Paulo Pereira
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
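
Added example, not part of the original thread or either poster's code: it runs the same insert three ways (the interpolated string from the question, the quote() form from the reply, and a DBI `?` placeholder) and checks whether the input comes back from the database unchanged. It assumes DBI and DBD::SQLite are installed and uses an in-memory SQLite database in place of the poster's MySQL one; the sample input and the %build table are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not from the thread). Assumes DBI and DBD::SQLite are installed;
# an in-memory SQLite database stands in for the poster's MySQL database.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, PrintError => 0 });
$dbh->do("create table projects (id integer primary key, name text)");

# Constructed sample input: ordinary text that happens to contain both quote types.
my $project = q{Bob's "new" project};

# Each builder returns (sql, bind values) for the same insert.
my %build = (
    # The line from the question: user data becomes part of the SQL text.
    interpolated => sub { ("insert into projects values(null,\"$_[0]\")") },
    # The reply's approach: the driver escapes the value into a literal.
    quoted       => sub { (sprintf("insert into projects values(null,%s)",
                                   $dbh->quote($_[0]))) },
    # Bound parameter: the value is passed separately from the SQL text.
    placeholder  => sub { ("insert into projects values(null,?)", $_[0]) },
);

for my $name (qw(interpolated quoted placeholder)) {
    my ($sql, @bind) = $build{$name}->($project);
    my $stored = eval {
        my $sth = $dbh->prepare($sql);
        $sth->execute(@bind);
        my $id = $dbh->last_insert_id(undef, undef, "projects", "id");
        ($dbh->selectrow_array("select name from projects where id = ?",
                               undef, $id))[0];
    };
    if (!defined $stored) {
        # The input altered the statement's structure, so the driver rejected it.
        (my $err = $@ || "unknown error") =~ s/\s+at \S+ line \d+.*//s;
        printf "%-12s FAILED: input changed the statement (%s)\n", $name, $err;
    } elsif ($stored eq $project) {
        printf "%-12s ok: stored verbatim\n", $name;
    } else {
        printf "%-12s MISMATCH: stored [%s]\n", $name, $stored;
    }
}
```

A round-trip check like this makes a useful regression test: any query builder that fails or mismatches on quote-bearing input is treating data as SQL.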