From: Matthew G. <mat...@gm...> - 2008-09-25 13:24:20
That is what I thought as well, just wanted more eyes on this.

On Thu, 2008-09-25 at 15:22 +0200, Franky Van Liedekerke wrote:
> IIRC the function _addslashes adds quotes itself, therefore no quotes
> are needed in the SQL statement. I'll check this evening, but for now
> I would advise no action.
>
> Franky
>
> On Thu, Sep 25, 2008 at 3:05 PM, Matthew Gregg <mat...@gm...> wrote:
> > I received the message below, but don't have time to do a thorough
> > investigation at the moment. A quick look seems like this is not a
> > problem. Anyone with more time please take a look.
> >
> > > File: phpESP/public/survey.php
> > >
> > > Lines:
> > >
> > > 15 $_name = _addslashes($_GET['name']);
> > > 25 $_sql = "SELECT id,title,theme FROM ".$GLOBALS['ESPCONFIG']['survey_table']." WHERE name = $_name";
> > >
> > > Since the variable $_name is not embedded in quotes, the function
> > > addslashes will not prevent SQL injection attacks since the attacker
> > > does not need to use quotes.
> > >
> > > PoC:
> > > survey.php?name=1 and 1=0 union select null, username, password from designer
> > >
> > > Fix:
> > > 25 $_sql = "SELECT id,title,theme FROM ".$GLOBALS['ESPCONFIG']['survey_table']." WHERE name = '$_name'";

_______________________________________________
phpESP-devel mailing list
php...@li...
https://lists.sourceforge.net/lists/listinfo/phpesp-devel
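To make the quoting point concrete, here is an added Python model of the three query shapes discussed in the thread; it is not phpESP code. It assumes _addslashes behaves like PHP's addslashes (escaping only, no surrounding quotes, which is the open question above), uses in-memory SQLite with constructed rows as a stand-in for the MySQL survey table, and feeds only inputs without quote characters, since the report's point is that none are needed.

```python
import sqlite3
from typing import Optional

# Constructed sample rows standing in for the phpESP survey table.
SURVEYS = [
    (1, "Customer feedback", "default", "feedback"),
    (2, "Staff survey", "blue", "staff"),
    (3, "Internal review", "default", "review"),
]


def addslashes(value: str) -> str:
    """Model of PHP's addslashes(): backslash before ' " \\ and NUL.
    Assumes phpESP's _addslashes adds no surrounding quotes."""
    escaped = {"'": "\\'", '"': '\\"', "\\": "\\\\", "\x00": "\\0"}
    return "".join(escaped.get(ch, ch) for ch in value)


def _run(sql: str, params: tuple = ()) -> Optional[int]:
    """Execute against a fresh in-memory table; return the row count,
    or None when the statement does not even parse or bind."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute("CREATE TABLE survey (id INTEGER, title TEXT, theme TEXT, name TEXT)")
        conn.executemany("INSERT INTO survey VALUES (?, ?, ?, ?)", SURVEYS)
        return len(conn.execute(sql, params).fetchall())
    except sqlite3.OperationalError:
        return None
    finally:
        conn.close()


def rows_unquoted(name: str) -> Optional[int]:
    """Line 25 as reported: escaped value interpolated with no quotes.
    A plain survey name is parsed as a column identifier (error); a
    value carrying its own boolean clause is parsed as SQL."""
    return _run(f"SELECT id,title,theme FROM survey WHERE name = {addslashes(name)}")


def rows_quoted(name: str) -> Optional[int]:
    """The reporter's fix: same escaping, value wrapped in single quotes,
    so the input stays inside the literal. Inputs here carry no quote
    characters, so MySQL-style backslash escaping is moot in SQLite."""
    return _run(f"SELECT id,title,theme FROM survey WHERE name = '{addslashes(name)}'")


def rows_parameterized(name: str) -> Optional[int]:
    """Bound parameter: the driver never lets the value reach the SQL parser."""
    return _run("SELECT id,title,theme FROM survey WHERE name = ?", (name,))
```

With a legitimate survey name the unquoted form does not even run (the bare word is parsed as a column name), which is itself a quick check on whether the escaping helper really supplies the quotes.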