magic_quotes

From: Wojciech Pawlikowski (wojtek@vline.pl)
Date: Mon Jan 10 2005 - 06:31:27 EST


Hey,
I'm doing penetration test for some company using OSSTMM methodology.
During information gathering stage I've found some SQL injection bug
in their webapp. All I know is they've got some Oracle DB and Linux
webserver with mod_php4 module.

My problem is perhaps well known - is there any possibility to bypass
magic_quotes protection ? PHP is 4.3.2, but I don't remember any
vulnerability regarding magic_quotes in this version.

-- 
* Wojciech Pawlikowski :: <ducer at hard-core pl> :: NIC-HDL WP5161-RIPE *
* http://ducer.w00nf.org :: http://www.knockdownhc.com ::  Born to Hate  * 


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:12 EDT