|
Hi,
I'm looking at a web application I
built some time back and I found this line:
$sth = $dbh->prepare("insert into projects
values(null,\"$project\")");
I'm using Perl.
This works quite exploitable to me since $project comes directly from user
without any validation :)
The thing is that I'm yet to find a way to exploit it on the MySQL database
I'm using.
I tried to make $project like:
"); insert into other_table value(bla, bla
but prepare only runs one command and complains about this...
I also tried
" + (insert into other_table value(bla, bla
And a bunch of combinations but I still didn't get the right touch at it
and I would like to understand how these things work.
Reading this list is quite helpuful, I already found a dozen ways to DoS my
application with the insertion of scripts.
I think my app was (was?) really.. :) insecure.
Thanks!
Paulo Pereira
|
- Re: [Full-Disclosure] Question: is this exploitable? Paulo Pereira
- Re: [Full-Disclosure] Question: is this exploit... Jonathan A. Zdziarski
- Re: [Full-Disclosure] Question: is this exp... Jason Dixon
- Re: [Full-Disclosure] Question: is this exploit... Randal L. Schwartz
- Re: [Full-Disclosure] Question: is this exploit... Codex
- Re: [Full-Disclosure] Question: is this exp... Jonathan A. Zdziarski
- Re: [Full-Disclosure] Question: is this... Paul Tinsley
- Re: [Full-Disclosure] Question: is ... Jonathan A. Zdziarski
- Re: [Full-Disclosure] Question... Paul Tinsley
