From: Andrew Court (andrew.court@bt.com)
Date: Thu Oct 04 2007 - 15:11:37 EDT
Why cant you just turn Magic quotes off?
Andrew Court
IT Security Specialist | BT Retail - Ireland |
E:Andrew.Court@bt.com |Mobile: +353 86 1720 692 | Fax: +353 1 432 5899|
www.btireland.com
-----Original Message-----
From: Danux [mailto:danuxx@gmail.com]
Sent: 03 October 2007 23:25
To: pen-test@securityfocus.com
Subject: SQL Injection- Bypassing magic_quotes
Hi, is there a way to bypass PHP magic_quotes in order to run MSSQL SQL
Injection tests. Mainly the char ' is being converted to "\' " by the
PHP app.
I have ridden that with base64_decode is possible to bypass magic_quotes
but i havent founded an example.
Thanks!!!
-- Danux, CISSP Chief Information Security Officer Macula Security Consulting Group www.macula-group.com ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:09 EDT