From: DokFLeed (dokfleed@dokfleed.net)
Date: Wed Jan 17 2007 - 02:10:25 EST
Hi,
I posted this earlier to webappsec@securityfocus.com with no luck ,
does anyone know how to bypass magic quotes? a proven working way .
example is, in such a simple SQL like
"SELECT * from USERS WHERE id =$id";
I am looking for ways to by pass magic quotes to inject this
INTO OUTFILE '/home/z.php'
point is, if magic quotes can stop this, so why is it going to be removed in
php6? it can simply stay and be activated or deactivated on will.
and if there is a way to by pass, I want to include it in my check GET/POST
inputs.
cheers
DokFLeed
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:32 EDT