Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re[2]: Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)
From: Benjamin Schulz <lists () hnc cc>
Date: Wed, 14 May 2003 14:57:28 +0200

Hi Rynho,

if(!isset($cid) || $cid == NULL || $cid == "" || !is_numeric ($cid))
{
    echo "I don't like you >:|";
    exit();
}

you know that $cid == NULL equals $cid == ""? (int)0, too btw.
either check $cid == '' (what is 0 & NULL, too)
or $cid === NULL || $cid === '',
or empty($cid)

Mit freundlichen Gruessen / Kind regards
-- 
Benjamin Schulz

There are 10 types of people: those who understand binary and
those who don't.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault