Penetration Testing mailing list archives
Re: Magic Quotes question
From: Tim <tim-pentest () sentinelchicken org>
Date: Mon, 22 Jan 2007 15:33:39 -0500
> regardless all the possible ways and arguments, is there an actual way to bypass Magic Quotes?
> CHAR doesn't work, also %% doesn't work
> i.e. INTO OUTFILE 'D:/www/zin.php' would be
> INTO OUTFILE CHAR(39,68,58,47,199,199,199,47,122,105,110,46,112,104,112,39);
> and will not work
> any proven ideas?

The simplest answer I have for you is that bypassing magic quotes can be
done in some situations, but it largely depends on the following:

1. Which database backend you're using.
2. Where in a query you're attempting to inject, and what you're trying
   to inject.

In your case, I don't believe what you're doing can be made to work on
MySQL. However, if instead of going for the gold (writing a file for
remote execution), you accept the silver (do a UNION on other tables
with sensitive info), you can probably bypass it.

tim
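
Added example, not part of the original post: the point about injection context, seen from the defender's side. `magic_quotes` is a hypothetical Python emulation of PHP's addslashes(), and SQLite with a constructed schema stands in for the MySQL backend; a value that lands in a numeric context contains no quote to escape, so only type validation plus a bound parameter keeps it as data.

```python
import sqlite3

def magic_quotes(value: str) -> str:
    """Hypothetical emulation of PHP addslashes(): escapes ' " \\ and NUL."""
    escaped = {"'": "\\'", '"': '\\"', "\\": "\\\\", "\0": "\\0"}
    return "".join(escaped.get(ch, ch) for ch in value)

def make_db() -> sqlite3.Connection:
    # Constructed schema and rows; SQLite is an assumed stand-in for MySQL.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT);
        CREATE TABLE users (login TEXT, pw_hash TEXT);
        INSERT INTO products VALUES (1, 'widget');
        INSERT INTO users VALUES ('admin', 'constructed-hash');
    """)
    return db

def lookup_concatenated(db: sqlite3.Connection, raw_id: str) -> list:
    # "Before": the value is escaped but concatenated into a numeric context,
    # so input without quotes passes through the escaping unchanged.
    sql = "SELECT name FROM products WHERE id = " + magic_quotes(raw_id)
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db: sqlite3.Connection, raw_id: str) -> list:
    # "After": reject anything that is not an integer, then bind it.
    try:
        product_id = int(raw_id)
    except ValueError:
        return []
    rows = db.execute("SELECT name FROM products WHERE id = ?", (product_id,))
    return [row[0] for row in rows]

# Constructed request value containing no quote characters.
QUOTELESS = "0 UNION SELECT pw_hash FROM users"

if __name__ == "__main__":
    db = make_db()
    print("escaping changed the input:", magic_quotes(QUOTELESS) != QUOTELESS)
    print("concatenated:", lookup_concatenated(db, QUOTELESS))
    print("bound:       ", lookup_bound(db, QUOTELESS))
```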
