> Date: Sunday, June 21, 2015 12:39:06 PM -0400 > From: Aziz Saleh <azizsaleh@xxxxxxxxx> > > On Sun, Jun 21, 2015 at 9:19 AM, Lester Caine <lester@xxxxxxxxxxx> > wrote: > >> OK - this had no chance of success since publish_date_desc is >> processed using the _desc ( or _asc ) and any invalid data >> stripped >> >> >> &sort_mode=publish_date_desc%20or%20(1,2)=(select*from(select%20n >> ame_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const >> (CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20and%201%3 >> D1 >> >> The question is more of interest in just what it was trying to >> achieve? I presume hack MySQL? So Firebird would barf anyway, but >> just trying to something that has generated some several hundred >> error log entries in the last two days ... >> >> Lester Caine - G8HFL >> >> > The sub-query is invalid, if valid it would've been equivalent to: > or (1,2)=(select*from(select 'b2xvbG9zaGVy' as 1, 'b2xvbG9zaGVy' > as 1))a) -- and 1=1 > > Seems non threatening to me. Regardless of whether this specific attack could have resulted in harmful sql injection or not, user input should be sanitized so that things never get this far. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
