Network Security: Detailed info on Re: Blind SQL Injection / Stored procedures

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Pen-Test

[Top] [All Lists]

Re: Blind SQL Injection / Stored procedures

from [ascii] Network Security

[Permanent Link]

Subject:	Re: Blind SQL Injection / Stored procedures
Date:	Fri, 18 Nov 2005 14:28:26 +0100

LAROUCHE Francois wrote:

Now the problem with PHP is that under the version 5

> (not sure at 100%) there is nothing that prevents SQL
> injection since the SQL is inline in the code.
> Even with magic quotes it's dangerous since you can
> achieve SQL injection without a single quote (when
> there is an integer argument for instance).

you have to do your checks manually

personally i don't love magic quotes and prefer to do
the stuff myself

writing secure queries isn't a big effort, i think that
a programmer uses about 5min+ in a day for validating
user input

there are two points to keep in memory:

1) use the single quotes _also_ on integers
   WHERE id = $id must be WHERE `id` = '$id'

2) use some validation functions and casting
   $input = (int)intval($input);
   and _always_ use the mysql_real_escape_string()
   (or an equivalent one) also on ints
   $input = mysql_real_escape_string($input);

morale: php core developers are right, php developers
have to move on and quickly

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Blind SQL Injection / Stored procedures, (continued) Re: Blind SQL Injection / Stored procedures, Adam Tuliper Re: Blind SQL Injection / Stored procedures, Laramies RE: Blind SQL Injection / Stored procedures, Victor Chapela RE: Blind SQL Injection / Stored procedures, LAROUCHE Francois RE: Blind SQL Injection / Stored procedures, Andres Molinetti RE: Blind SQL Injection / Stored procedures, LAROUCHE Francois Re: Blind SQL Injection / Stored procedures, Phillip Powell RE: Blind SQL Injection / Stored procedures, Evans, Arian Re: [WEB SECURITY] RE: Blind SQL Injection / Stored procedures, Frederic Charpentier RE: Blind SQL Injection / Stored procedures, LAROUCHE Francois Re: Blind SQL Injection / Stored procedures, ascii <=

Previous by Date:	RE: Blind SQL Injection / Stored procedures, LAROUCHE Francois
Next by Date:	IIS Security, Schmidt, Albert E
Previous by Thread:	RE: Blind SQL Injection / Stored procedures, LAROUCHE Francois
Next by Thread:	Books on pentesting, Geert VAN ACKER
Indexes:	[Date] [Thread] [Top] [All Lists]