Penetration Testing mailing list archives

Quite basic SQL injection question
From: Alexandre De Dommelin <adedommelin () tuxz net>
Date: Mon, 18 Apr 2011 09:51:46 +0200

Hi all,

I'm evaluating PHP/MySQL code and I found a problem in the following code:
FROM table1 m JOIN table2 t
ORDER BY m.field1, t.field2

I'm able to inject everything I want into $condition, but I can't manage to
make the ORDER clause be ignored (using -- /* ...), which leads to an sql
I'm sure it's quite stupid but I have to admit that I'm stuck ...

Do you have an idea?



Attachment: signature.asc
Description: Digital signature
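
From the reviewer's side, the finding is the interpolated $condition itself, whether or not the trailing ORDER BY can be neutralised. The following is an added example, not code from the original post: a query builder that accepts only allow-listed columns and operators and binds every value. The SELECT list, the `ON t.m_id = m.id` join, the `id` and `m_id` columns, the function and constant names, and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
declare(strict_types=1);

// Allow-list: the only column references and operators a caller may select.
const FILTER_COLUMNS = ['field1' => 'm.field1', 'field2' => 't.field2'];
const FILTER_OPERATORS = ['=', '<>', '<', '>', 'LIKE'];

// Builds the statement from [field, operator, value] triples; values are only ever bound.
function buildQuery(array $filters): array
{
    $where = [];
    $params = [];
    foreach ($filters as [$field, $op, $value]) {
        if (!is_string($field) || !array_key_exists($field, FILTER_COLUMNS) || !in_array($op, FILTER_OPERATORS, true)) {
            throw new InvalidArgumentException('filter not allowed');
        }
        $where[] = FILTER_COLUMNS[$field] . " $op ?";
        $params[] = $value;
    }
    $sql = 'SELECT m.field1, t.field2 FROM table1 m JOIN table2 t ON t.m_id = m.id'
         . ($where ? ' WHERE ' . implode(' AND ', $where) : '')
         . ' ORDER BY m.field1, t.field2';
    return [$sql, $params];
}

// Constructed sample data in an in-memory SQLite database (stand-in for MySQL).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE table1 (id INTEGER PRIMARY KEY, field1 TEXT)');
$pdo->exec('CREATE TABLE table2 (m_id INTEGER, field2 TEXT)');
$pdo->exec("INSERT INTO table1 VALUES (1, 'alpha'), (2, 'beta')");
$pdo->exec("INSERT INTO table2 VALUES (1, 'x'), (2, 'y')");

// A value containing SQL syntax is bound as data, so it is compared literally.
foreach (['alpha', "alpha' OR '1'='1"] as $input) {
    [$sql, $params] = buildQuery([['field1', '=', $input]]);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    printf("%-20s -> %d row(s)\n", $input, count($stmt->fetchAll(PDO::FETCH_ASSOC)));
}

// A field name outside the allow-list is rejected before any SQL is built.
try {
    buildQuery([['field3', '=', 'x']]);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The SQL text is assembled only from the constants in the file, so no caller-supplied string ever reaches the statement before the fixed ORDER BY.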
