Re: SQL Injection- Bypassing magic_quotes

From: Danux (danuxx@gmail.com)
Date: Mon Oct 08 2007 - 20:49:37 EDT


As usual, thanks for your excellent help.

On 10/5/07, Jorge Hoya <aquinadie@gmail.com> wrote:
> Hi Danux and all,
> maybe this forum post (in Spanish) could help you [1]
>
> [1] http://www.wadalbertia.org/phpBB2/viewtopic.php?t=3200&highlight=inyeccion+sql+conversion+tipos
>
> 2007/10/4, Andrew Court <andrew.court@bt.com>:
> > Why can't you just turn Magic quotes off?
> >
> > Andrew Court
> >
> > IT Security Specialist | BT Retail - Ireland |
> > E:Andrew.Court@bt.com |Mobile: +353 86 1720 692 | Fax: +353 1 432 5899|
> > www.btireland.com
> >
> >
> >
> > -----Original Message-----
> > From: Danux [mailto:danuxx@gmail.com]
> > Sent: 03 October 2007 23:25
> > To: pen-test@securityfocus.com
> > Subject: SQL Injection- Bypassing magic_quotes
> >
> >
> > Hi, is there a way to bypass PHP magic_quotes in order to run MSSQL SQL
> > Injection tests? Mainly the char ' is being converted to "\' " by the
> > PHP app.
> >
> > I have read that with base64_decode it is possible to bypass magic_quotes,
> > but I haven't found an example.
> >
> > Thanks!!!
> >
> > --
> > Danux, CISSP
> > Chief Information Security Officer
> > Macula Security Consulting Group
> > www.macula-group.com
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Cenzic
> >
> > Need to secure your web apps NOW?
> > Cenzic finds more, "real" vulnerabilities fast.
> > Click to try it, buy it or download a solution FREE today!
> >
> > http://www.cenzic.com/downloads
> > ------------------------------------------------------------------------
> >
> >
>
>
> --
> << The future is hidden behind the men who make it >>
> [ http://www.nosoynadie.net/ ]
>
>
>

-- 
Danux, CISSP
Chief Information Security Officer
Macula Security Consulting Group
www.macula-group.com


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:09 EDT