From: Danux (danuxx@gmail.com)
Date: Tue Oct 02 2007 - 17:38:23 EDT
Hi, is there a way to bypass PHP magic_quotes in order to run MSSQL
SQL Injection tests.
Mainly the char ' is being converted to "\' " by the PHP app.
I have ridden that with base64_decode is possible to bypass
magic_quotes but i havent founded an example.
Thanks!!!
-- Danux, CISSP Chief Information Security Officer Macula Security Consulting Group www.macula-group.com ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:08 EDT