Re: SQL Injection- Bypassing magic_quotes

From: Jorge Hoya (aquinadie@gmail.com)
Date: Fri Oct 05 2007 - 02:20:47 EDT


Hi Danux and all,
Maybe this forum post (in Spanish) could help you [1]

[1] http://www.wadalbertia.org/phpBB2/viewtopic.php?t=3200&highlight=inyeccion+sql+conversion+tipos

2007/10/4, Andrew Court <andrew.court@bt.com>:
> Why can't you just turn magic quotes off?
>
> Andrew Court
>
> IT Security Specialist | BT Retail - Ireland |
> E:Andrew.Court@bt.com |Mobile: +353 86 1720 692 | Fax: +353 1 432 5899|
> www.btireland.com
>
>
>
> -----Original Message-----
> From: Danux [mailto:danuxx@gmail.com]
> Sent: 03 October 2007 23:25
> To: pen-test@securityfocus.com
> Subject: SQL Injection- Bypassing magic_quotes
>
>
> Hi, is there a way to bypass PHP magic_quotes in order to run MSSQL SQL
> Injection tests? Mainly the char ' is being converted to "\' " by the
> PHP app.
>
> I have read that with base64_decode it is possible to bypass magic_quotes,
> but I haven't found an example.
>
> Thanks!!!
>
> --
> Danux, CISSP
> Chief Information Security Officer
> Macula Security Consulting Group
> www.macula-group.com
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------

-- 
<< The future is hidden behind the men who make it >>
[ http://www.nosoynadie.net/ ]


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:09 EDT