#8 PHP error when trying SQLi

Version 2.x
closed-fixed
nobody
5
2013-03-01
2013-02-28
plaverty9
No

Using:
Version: 2.4.7 Security Level: 0 (Hosed) Hints: Disabled (0 - I try harder) Not Logged In

When I put a ' (the single apostrophe, on the same key as the ") in the username or password field on the http://localhost/mutillidae/index.php?page=login.php page, I get a PHP error: Fatal error: Call to undefined method Exception::getPrevious() in /Applications/MAMP/htdocs/mutillidae/classes/CustomErrorHandler.php on line 139

However, submitting valid SQLi like this one works without error and I'm admin: ' or 1=1#

I'm happy to answer any questions about my setup or usage or if you need screenshots.

Thank you Jeremy, I'm looking to use Mutillidae as my platform at an OWASP (Rhode Island) meeting Monday night.

Patrick Laverty
Patrick_Laverty@brown.edu
http://twitter.com/plaverty9

Discussion

  • plaverty9
    2013-02-28

    Additionally, changing the PHP error reporting in my php.ini file does not fix this either.

     
  • plaverty9
    2013-02-28

    I also just tried this in the login screen in the username field: ' UNION select current_user# and got the same error message.

     
  • Jeremy Druin
    2013-03-01

    • status: open --> closed-fixed
     
  • Jeremy Druin
    2013-03-01

    Added support for Mac OSX running MAMP with older versions of PHP 5.2.x. getPrevious method comes with PHP 5.3.0. NOWASP will check if the method is available to the user.
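
The availability check described in the closing comment, as an added example that is not Mutillidae's own CustomErrorHandler code: an exception-chain formatter that only calls getPrevious() when the running PHP provides it. The helper name describeExceptionChain() and the sample messages are assumptions constructed for illustration.

```php
<?php
// Added example; describeExceptionChain() is a hypothetical helper,
// not a function from the Mutillidae code base.

function describeExceptionChain($e)
{
    $lines = array();          // array() syntax keeps this valid on PHP 5.2.x
    $depth = 0;

    while ($e !== null && $depth < 10) {   // cap depth so a long chain cannot flood the page
        $lines[] = sprintf(
            '#%d %s: %s (%s:%d)',
            $depth, get_class($e), $e->getMessage(),
            basename($e->getFile()), $e->getLine()
        );

        // Exception::getPrevious() was introduced in PHP 5.3.0. On 5.2.x the
        // call is a fatal "undefined method" error that replaces the error
        // the handler was meant to report, so test for the method first.
        if (!method_exists($e, 'getPrevious')) {
            $lines[] = '(previous exceptions not available on PHP ' . PHP_VERSION . ')';
            break;
        }

        $e = $e->getPrevious();
        $depth++;
    }

    return $lines;
}

// Constructed sample: a database error wrapped by a login handler.
$cause = new Exception("SQL syntax error near ''' (constructed message)");

// The three-argument constructor (with $previous) is also 5.3.0+ only.
if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
    $wrapped = new Exception('Login query failed (constructed message)', 0, $cause);
} else {
    $wrapped = new Exception('Login query failed (constructed message)');
}

foreach (describeExceptionChain($wrapped) as $line) {
    echo $line, PHP_EOL;
}
```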