#4 Simple SQL Injection not working

Version 2.x
closed-fixed
nobody
5
2014-08-22
2012-10-25
larsit0
No

I am running Mutillidae 2.3.9 it on the latest Debian stable (6.0.6) on a x86 VM.

PHP is version 5.3.3.-7+squeeze14
Mysql is version 5.1.63-0+squeeze1

magic_quotes are disabled, suhoshin is not installed.

However, I ran into a problem which I a\'m not sure if it is a real problem or if I am just too stupid to figure it out ;)

---

The very first SQL Injection \\\" \\\' or 1=1 -- \\\" wouldn\\\'t work with my setup - but it was throwing up error messages that didn\\\'t fit the expected SQL Injection errors (see screenshot).

Turns out the SQL-Statement inside \\\"process-login-attempt.php\\\" didn\\\'t like the \\\"\\\'or 1=1 --\\\".

Line 45: $LogHandler->writeToLog(\\\"Attempt to log in by user: \\\" . $username);

After turning that into

$LogHandler->writeToLog(\\\"Attempt to log in by user: \\\" $MySQLHandler->escapeDangerousCharacters($username));

the SQL Injection on the login form would work as expected (sounds weird ;)).

I am not sure if I am just missing a point here and I\\\'m a complete idiot or if that is in fact a bug.

Discussion

  • larsit0
    larsit0
    2012-10-25

    SQL Error

     
    Attachments
  • Jeremy Druin
    Jeremy Druin
    2013-01-12

    • status: open --> closed-fixed