ID: 41389
Updated by: [EMAIL PROTECTED]
Reported By: bskandmon at hotmail dot com
-Status: Open
+Status: Bogus
Bug Type: MySQL related
Operating System: unknow
PHP Version: 5.2.2
New Comment:

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

mysql_error() just passes the original error message from the
database. The function doesn't know what you are doing with the
returned value. (logging ...) So no escaping can be done.

As a general notice: If the user can generate a MySQL error you have
most likely a bigger problem than XSS: SQL injection.


Previous Comments:
------------------------------------------------------------------------

[2007-05-14 19:57:17] bskandmon at hotmail dot com

Description:
------------
I'm French and I'm 15, so excuse me for my very very bad English.
I've found an XSS flaw in mysql_error().
You just have to make a syntax error (with " in my example) and write
your script after the ".

Reproduce code:
---------------
$var = '"<script>alert(\'Hi ! Xss discovered !\')</script>';
$rep = mysql_query('SELECT pseudo FROM membres where pseudo = "'.$var.'"');
if (!$rep)
{
    echo '<br><b>Transmettre aux administrateurs : (via la page contact ou par mp) '.mysql_error().'</b>';
}
else
{
    return $rep;
}

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=41389&edit=1
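
The two points in the reply above (escaping belongs to the caller's output context, and the query itself is the larger problem), shown as an added example that is not part of the bug report or of PHP's own code. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL server so the script runs offline, and the helper names h() and find_member() are hypothetical.

```php
<?php
// Assumption: SQLite in memory replaces the MySQL server of the report;
// the table and column names are the ones from the reproduce code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE membres (pseudo TEXT)');
$db->exec("INSERT INTO membres (pseudo) VALUES ('alice')"); // constructed row

// Escape for HTML body/attribute context at the point of output.
function h($text)
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Hypothetical helper: the value is bound as a parameter, so a quote in
// $pseudo never reaches the SQL parser as syntax.
function find_member(PDO $db, $pseudo)
{
    try {
        $stmt = $db->prepare('SELECT pseudo FROM membres WHERE pseudo = ?');
        $stmt->execute(array($pseudo));
        return $stmt->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        // The full driver message goes to the server log, not the browser.
        error_log('membres lookup failed: ' . $e->getMessage());
        return false;
    }
}

$var = '"<script>alert(\'Hi ! Xss discovered !\')</script>'; // input from the report
$rows = find_member($db, $var);

if ($rows === false) {
    echo '<b>Database error, please contact the administrators.</b>', "\n";
} else {
    echo count($rows), ' row(s) for ', h($var), "\n";
}

// If a database message has to be displayed, it is untrusted text like any
// other and is escaped for the context it is written into.
$message = 'syntax error near "' . $var . '"'; // constructed error string
echo '<b>', h($message), '</b>', "\n";
```

With the bound parameter the report's input produces no SQL error at all, and the last line prints the markup as inert text.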
