I am running Mutillidae 2.3.9 on the latest Debian stable (6.0.6) on an x86 VM.
PHP is version 5.3.3.-7+squeeze14
MySQL is version 5.1.63-0+squeeze1
magic_quotes are disabled, Suhosin is not installed.
However, I ran into a problem, and I'm not sure if it is a real problem or if I am just too stupid to figure it out ;)
The very first SQL Injection " ' or 1=1 -- " wouldn't work with my setup - but it was throwing up error messages that didn't fit the expected SQL Injection errors (see screenshot).
Turns out the SQL statement inside "process-login-attempt.php" didn't like the "'or 1=1 --".
Line 45: $LogHandler->writeToLog("Attempt to log in by user: " . $username);
After turning that into
$LogHandler->writeToLog("Attempt to log in by user: " . $MySQLHandler->escapeDangerousCharacters($username));
the SQL Injection on the login form would work as expected (sounds weird ;)).
I am not sure if I am just missing a point here and I'm a complete idiot or if that is in fact a bug.
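Why the log write in the report above fails before the login query is reached, as an added example that is not Mutillidae's code or part of the original post. It assumes writeToLog() builds an INSERT by string concatenation, uses Python with an in-memory SQLite database in place of PHP/MySQL, and the table and function names are hypothetical.

```python
import sqlite3

PAYLOAD = "' or 1=1 -- "  # the input quoted in the post
PREFIX = "Attempt to log in by user: "


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE hitlog (message TEXT)")  # hypothetical log table
    return conn


def log_concatenated(conn, username):
    # Assumed shape of the original log write: input pasted into the SQL text.
    conn.execute("INSERT INTO hitlog (message) VALUES ('" + PREFIX + username + "')")


def escape_quotes(value):
    # Stand-in for escapeDangerousCharacters(): doubles single quotes.
    return value.replace("'", "''")


def log_escaped(conn, username):
    # The change from the post: escape the value before it reaches the log SQL.
    escaped = escape_quotes(username)
    conn.execute("INSERT INTO hitlog (message) VALUES ('" + PREFIX + escaped + "')")


def log_parameterized(conn, username):
    # Bound parameter: the value never becomes part of the SQL text.
    conn.execute("INSERT INTO hitlog (message) VALUES (?)", (PREFIX + username,))


def try_log(writer, username):
    """Return ('ok', stored_messages) or ('error', database_error_text)."""
    conn = make_db()
    try:
        writer(conn, username)
    except sqlite3.Error as exc:
        return ("error", str(exc))
    return ("ok", [row[0] for row in conn.execute("SELECT message FROM hitlog")])


if __name__ == "__main__":
    for writer in (log_concatenated, log_escaped, log_parameterized):
        print(writer.__name__, try_log(writer, PAYLOAD))
```

With the concatenated writer, the quote in the input closes the string literal and the trailing comment marker swallows the rest of the INSERT, so the database error comes from the log statement rather than from the login query.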