Re: Posible security bug in phpMyWebhosting

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Posible security bug in phpMyWebhosting
From: Udo Mueller <info@xxxxxxxx>
Date: Fri, 20 Aug 2004 09:31:03 +0200
In-reply-to: <006801c48672$d05bb000$0301010a@value>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mail-followup-to: bugtraq@xxxxxxxxxxxxxxxxx
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: ComputerService Mueller
References: <20040819080719.12239.qmail@xxxxxxxxxxxxxxxxxxxxx> <006801c48672$d05bb000$0301010a@value>
Sender: Udo Mueller <info@xxxxxxxx>
User-agent: Mutt/1.3.28i

Hallo Daniel,

begin  * Daniel Souza schrieb [20-08-04 02:01]:
> 
> may your server is configured with magic_quotes disabled, so, the " is not
> slashed and we have a basic sql injection. Im not sure because I have not
> seen the source codes to say that, but it's what looks like. Is there a
> addslashes in the code ?

In Debian magic_quotes = On is standard.

I should add addslashes in the code. Thank you!

end  

Gruss Udo
-- 
Ohne Signatur!

Follow-Ups:
- Re: Posible security bug in phpMyWebhosting
  - From: Udo Mueller

References:
- Re: Posible security bug in phpMyWebhosting
  - From: Müller
- Re: Posible security bug in phpMyWebhosting
  - From: Daniel Souza

Prev by Date: Third party cookie handling in Opera can lead to potential compromises in Servers relying on redirection
Next by Date: Re: First vulnerabilities in the SP2 - XP ?...
Previous by thread: Re: Posible security bug in phpMyWebhosting
Next by thread: Re: Posible security bug in phpMyWebhosting
Index(es):
- Date
- Thread