Re: SQL injection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Jun 21, 2015 at 9:19 AM, Lester Caine <lester@xxxxxxxxxxx> wrote:

> OK - this had no chance of success since publish_date_desc is processed
> using the _desc ( or _asc ) and any invalid data stripped
>
>
> &sort_mode=publish_date_desc%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20and%201%3D1
>
> The question is more of interest in just what it was trying to achieve?
> I presume hack MySQL? So Firebird would barf anyway, but just trying to
> something that has generated some several hundred error log entries in
> the last two days ...
>
> --
> Lester Caine - G8HFL
> -----------------------------
> Contact - http://lsces.co.uk/wiki/?page=contact
> L.S.Caine Electronic Services - http://lsces.co.uk
> EnquirySolve - http://enquirysolve.com/
> Model Engineers Digital Workshop - http://medw.co.uk
> Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
The sub-query is invalid, if valid it would've been equivalent to:
 or (1,2)=(select*from(select 'b2xvbG9zaGVy' as 1, 'b2xvbG9zaGVy' as 1))a)
-- and 1=1

Seems non threatening to me.

[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux