#8 PHP error when trying SQLi

Version 2.x
closed-fixed
nobody
5
2013-03-01
2013-02-28
plaverty9
No

Using:
Version: 2.4.7 Security Level: 0 (Hosed) Hints: Disabled (0 - I try harder) Not Logged In

When I put a ' (the single apostrophe, on the same key as the ") in the username or password field on the http://localhost/mutillidae/index.php?page=login.php page, I get a PHP error: Fatal error: Call to undefined method Exception::getPrevious() in /Applications/MAMP/htdocs/mutillidae/classes/CustomErrorHandler.php on line 139

However, submitting valid SQLi like this one works without error and I'm admin: ' or 1=1#

I'm happy to answer any questions about my setup or usage or if you need screenshots.

Thank you Jeremy, I'm looking to use Mutillidae as my platform at an OWASP (Rhode Island) meeting Monday night.

Patrick Laverty
Patrick_Laverty@brown.edu
http://twitter.com/plaverty9

Discussion

  • plaverty9

    plaverty9 - 2013-02-28

    Additionally, changing the PHP error reporting in my php.ini file does not fix this either.

     
  • plaverty9

    plaverty9 - 2013-02-28

    I also just tried this in the login screen in the username field: ' UNION select current_user# and got the same error message.

     
  • Jeremy Druin

    Jeremy Druin - 2013-03-01
    • status: open --> closed-fixed
     
  • Jeremy Druin

    Jeremy Druin - 2013-03-01

    Added support for Mac OS X running MAMP with older versions of PHP 5.2.x. The getPrevious method comes with PHP 5.3.0. NOWASP will check if the method is available to the user.
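
The availability check described in the fix above, sketched as an added example; this is not Mutillidae's CustomErrorHandler code and not part of the ticket thread. The function names `collect_exception_chain` and `render_exception_chain` and the sample messages are hypothetical, and the syntax is kept PHP 5.2-compatible.

```php
<?php
// Added example, not the project's code. Function names are hypothetical.

/**
 * Collect an exception and its chain of causes as arrays.
 * Exception::getPrevious() exists only on PHP >= 5.3.0, so it is
 * feature-tested instead of being called unconditionally.
 */
function collect_exception_chain($e, $maxDepth = 10)
{
    $chain = array();
    while ($e !== null && count($chain) < $maxDepth) {
        $chain[] = array(
            'type'    => get_class($e),
            'message' => $e->getMessage(),
            'file'    => $e->getFile(),
            'line'    => $e->getLine(),
        );
        // On PHP 5.2.x the method is missing: stop after the first entry
        // rather than dying with "Call to undefined method".
        $e = method_exists($e, 'getPrevious') ? $e->getPrevious() : null;
    }
    return $chain;
}

function render_exception_chain($e)
{
    $lines = array();
    foreach (collect_exception_chain($e) as $i => $entry) {
        $lines[] = sprintf('#%d %s: %s (%s:%d)', $i, $entry['type'],
            $entry['message'], $entry['file'], $entry['line']);
    }
    // Escape before output: the message can echo user-supplied input.
    return htmlspecialchars(implode("\n", $lines), ENT_QUOTES, 'UTF-8');
}

// Constructed sample: a database error caused by an unbalanced quote.
$cause = new Exception("You have an error in your SQL syntax near '''");
// The three-argument constructor is also 5.3+, so guard it the same way.
$outer = method_exists($cause, 'getPrevious')
    ? new Exception('Login query failed', 0, $cause)
    : new Exception('Login query failed');

echo render_exception_chain($outer), "\n";
```

On PHP 5.3 or later this prints both the outer exception and its cause; on 5.2.x it prints only the outer one and does not raise a fatal error.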

     
