Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Posible security bug in phpMyWebhosting
From: Udo Mueller <info () cs-ol de>
Date: Fri, 20 Aug 2004 09:31:03 +0200

Hallo Daniel,

begin  * Daniel Souza schrieb [20-08-04 02:01]:

may your server is configured with magic_quotes disabled, so, the " is not
slashed and we have a basic sql injection. Im not sure because I have not
seen the source codes to say that, but it's what looks like. Is there a
addslashes in the code ?

In Debian magic_quotes = On is standard.

I should add addslashes in the code. Thank you!


Gruss Udo
Ohne Signatur!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]