Bugtraq: Re: Posible security bug in phpMyWebhosting

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Posible security bug in phpMyWebhosting

From: Udo Mueller <info () cs-ol de>
Date: Fri, 20 Aug 2004 09:31:03 +0200

Hallo Daniel,

begin  * Daniel Souza schrieb [20-08-04 02:01]:


may your server is configured with magic_quotes disabled, so, the " is not
slashed and we have a basic sql injection. Im not sure because I have not
seen the source codes to say that, but it's what looks like. Is there a
addslashes in the code ?


In Debian magic_quotes = On is standard.

I should add addslashes in the code. Thank you!

end  

Gruss Udo
-- 
Ohne Signatur!

By Date By Thread

Current thread:

Posible security bug in phpMyWebhosting Matias Neiff (Aug 14)
- <Possible follow-ups>
- Re: Posible security bug in phpMyWebhosting Müller (Aug 19)
  - Re: Posible security bug in phpMyWebhosting Daniel Souza (Aug 20)
    - Re: Posible security bug in phpMyWebhosting Udo Mueller (Aug 20)
- Re: Fwd: Re: Posible security bug in phpMyWebhosting Matias Neiff (Aug 23)