Bugtraq: Re[2]: Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re[2]: Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)

From: Benjamin Schulz <lists () hnc cc>
Date: Wed, 14 May 2003 14:57:28 +0200

Hi Rynho,

if(!isset($cid) || $cid == NULL || $cid == "" || !is_numeric ($cid))
{
    echo "I don't like you >:|";
    exit();
}


you know that $cid == NULL equals $cid == ""? (int)0, too btw.
either check $cid == '' (what is 0 & NULL, too)
or $cid === NULL || $cid === '',
or empty($cid)

Mit freundlichen Gruessen / Kind regards
-- 
Benjamin Schulz

There are 10 types of people: those who understand binary and
those who don't.

By Date By Thread

Current thread:

Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!) Albert Puigsech Galicia (May 12)
- Re: Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!) Rynho Zeros Web (May 13)
  - Re[2]: Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!) Benjamin Schulz (May 15)