Network Security: Detailed info on Re: Security of magic_quotes

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

[Top] [All Lists]

Re: Security of magic_quotes_gpc under PHP against SQL injection

from [Stefano Di Paola] Network Security

[Permanent Link]

Subject:	Re: Security of magic_quotes_gpc under PHP against SQL injection
Date:	Sat, 17 Dec 2005 10:47:58 +0100

There's a way to bypass magic_quotes_gpc if your input is urldecoded by 
urldecode($_GET['input']) function on some point of your script.

infact 

url?input=%2527 

becomes inside your script $_GET['input']=%27 which is not backslashed
because php doesnt normalize  encoding.
Then  urldecode(%27)='

so magic quotes could be bypassed if urldecode is applied to input vars.
(php 4.4.1)

And, yes mysql_real_escape_string could be the good one but it always
depends on how and when your input is manipulated by other functions.

Regards 

Stefano 



 
-- 

......---oOOo--------oOOo---......
Stefano Di Paola
Software Engineer
Email: stefano.dipaola_at_wisec.it
Email: stefano.dipaola1_at_tin.it
Web: www.wisec.it
..................................

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Security of magic_quotes_gpc under PHP against SQL injection, Todd Hendricks Re: Security of magic_quotes_gpc under PHP against SQL injection, Steve Slater Re: Security of magic_quotes_gpc under PHP against SQL injection, Peter Conrad Re: Security of magic_quotes_gpc under PHP against SQL injection, ascii Re: Security of magic_quotes_gpc under PHP against SQL injection, Stefano Di Paola <=

Previous by Date:	RE: PCI DSS Compliance, Craig Wright
Next by Date:	Mambo, Coppermine and PHPBB Attacks, Mark Ryan del Moral Talabis
Previous by Thread:	Re: Security of magic_quotes_gpc under PHP against SQL injection, ascii
Next by Thread:	[Full-disclosure] Fuzzing testing webapp?, Mark Sec
Indexes:	[Date] [Thread] [Top] [All Lists]