
Thread: Script exploits

  1. #1 New Oddity (SitePoint Zealot; joined Jun 2001; Georgia; 102 posts)

    Script exploits

    Okay... I'm not a malicious hacker... I'm just worried about security and idiot-proofing my scripts. Are there any ways to avoid magic quotes? I.e. putting into a form field - "; delete from table; - so that when the field contents are submitted it would try to empty out 'table', but it changes " to \". Any way to change it?
    --Odd
    "We all live in a yellow subroutine."
    "Some call it insanity; I call it inspiration!"

  2. #2 Stallion (SitePoint Enthusiast; joined Jan 2001; Cumberland, RI, US; 97 posts)
    It's not possible to execute a DELETE at the end of a SELECT, but there are still numerous other exploits that can be found in many scripts. Check out my sig if you think your application needs a security evaluation.
    /* Chris Lambert - chris@php.net
    WhiteCrown Networks, CTO - Web Application Security
    vBulletin, Security Programmer - Instant Community
    */

  3. #3 sifuhall (SitePoint Zealot; joined Jun 2001; out of the sidehatch; 135 posts)
    I just tested the following code to verify this:

    Code:
    select * from test; delete from test where email="test";
    and guess what happened?

    It returned the table, then deleted the record.

    Granted this was just on the command line for MySQL.


    Stallion, what does PHP do to prevent this?

  4. #4 Stallion (SitePoint Enthusiast; joined Jan 2001; Cumberland, RI, US; 97 posts)
    Yes, that would happen from the command line.

    PHP only allows one query, and it's standard procedure not to stick the semicolon at the end of that one query. If there is a semicolon, I believe PHP will just chop off the extra statements on the end.
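An added example, not code from the thread, that puts the last two replies side by side: sifuhall's stacked-query test on the MySQL command line, and Stallion's point that PHP's mysql extension runs only one statement per mysql_query() call. It uses Python's sqlite3 module as a stand-in because its execute() has the same one-statement-per-call rule (the driver raises sqlite3.Warning on older Pythons and sqlite3.ProgrammingError on newer ones). The users table, its rows and the payloads are constructed for the demonstration. It also shows what the one-statement rule does not stop: a tautology injected into a single DELETE, which is the kind of "other exploit" Stallion alludes to, and the parameterised fix for both.

```python
import sqlite3

# Constructed sample data (not from the thread): a two-row users table.
SEED_ROWS = [("alice@example.com", "alice"), ("bob@example.com", "bob")]


def fresh_db():
    """Build an in-memory database so every attempt starts from the same state."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SEED_ROWS)
    conn.commit()
    return conn


def count_users(conn):
    return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]


def lookup_unsafe(conn, email):
    """Vulnerable: splices the form field straight into the SQL text."""
    sql = "SELECT name FROM users WHERE email = '%s'" % email
    return [row[0] for row in conn.execute(sql)]


def delete_unsafe(conn, email):
    """Vulnerable DELETE built the same way."""
    conn.execute("DELETE FROM users WHERE email = '%s'" % email)
    conn.commit()


def lookup_safe(conn, email):
    """Fixed: the value is bound as a parameter, never parsed as SQL."""
    rows = conn.execute("SELECT name FROM users WHERE email = ?", (email,))
    return [row[0] for row in rows]


def delete_safe(conn, email):
    conn.execute("DELETE FROM users WHERE email = ?", (email,))
    conn.commit()


def stacked_query_attempt():
    """The thread's payload: close the string literal, append a second statement.

    The resulting text is:
      SELECT name FROM users WHERE email = 'x'; DELETE FROM users WHERE 'a'='a'
    On the mysql command line both statements run. Through a driver that
    accepts one statement per call, the whole call is rejected instead.
    """
    conn = fresh_db()
    payload = "x'; DELETE FROM users WHERE 'a'='a"
    try:
        lookup_unsafe(conn, payload)
        outcome = "executed"
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        outcome = "rejected"  # "You can only execute one statement at a time."
    return outcome, count_users(conn)


def tautology_attempt():
    """One statement only, so the one-query rule offers no protection.

    The resulting text is:
      DELETE FROM users WHERE email = 'nobody@example.com' OR '1'='1'
    """
    conn = fresh_db()
    delete_unsafe(conn, "nobody@example.com' OR '1'='1")
    return count_users(conn)


def parameterized_attempt():
    """Same two payloads against the parameterised queries: both are inert."""
    conn = fresh_db()
    delete_safe(conn, "nobody@example.com' OR '1'='1")
    rows = lookup_safe(conn, "x'; DELETE FROM users WHERE 'a'='a")
    return count_users(conn), rows


if __name__ == "__main__":
    print("stacked query :", stacked_query_attempt())
    print("tautology     :", tautology_attempt())
    print("parameterised :", parameterized_attempt())
```

Run it and the stacked payload is refused by the driver before anything executes, yet the tautology payload empties the table with one perfectly valid statement; bound parameters stop both. One caveat on the magic-quotes question in the first post: SQLite does not treat a backslash as an escape character inside string literals (a quote is escaped by doubling it), so an addslashes-style `\'` would not protect a query there. Quoting rules differ per database, which is one more reason to bind parameters rather than escape.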

