From: Josh Zlatin-Amishav (josh@tkos.co.il)
Date: Thu Jan 19 2006 - 04:15:12 EST
On Wed, 18 Jan 2006, John Madden wrote:
> Hi,
>
> I'm pentesting a web site and i get the following
> error message while using a single quote: ex.
> /confirm.php?conf='test123
>
> Warning: mysql_fetch_row(): supplied argument is not a
> valid MySQL result resource in /xx/xx/confirm.php on
> line 5
[...snip]
>
> And how do we fix this vulnerability ? Besides the PHP
> code itself (sanitize user input), is it a PHP setting
> (php.ini) ?
You might also want to set display_errors = Off in php.ini.
-- - Josh ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:23 EDT