SQL injection - PHP, MySQL, magic_quotes = on 
 SQL injection - PHP, MySQL, magic_quotes = on

Quote:

>>Is this possible to make an sql injection attack on the PHP - MySQL
>>script when magic_quotes = on ? If yes, could you provide some
>>examples? Thanks in advance.
>>--
>>Regards, porzeraczmuzguw /Andrzej Wcławski/
>>--{ http://*** }-- --{ http://www.*-*-*.com/ }--
>>The only thing to fear, is running out of beer

> that's kinda an evil question :) ... are you trying to crash a script?

> probably a better idea would be to ask how to protect against this...

In any event, these kinds of questions are very important and barely
anyone in here seems interested :-(

I have experimented with SQL injection, on my own system to prevent
attacks, and I believe keeping magic quotes on is a good thing.  So far,
I have been unable to issue SQL commands through gets / posts.

To help minimise attacks, you should create a separate SQL user with
limits on functions e.g. no DROPs etc

Also, you may want to give your databases / tables names that can be
easily stripped from user input (though this doesn't strip wildcards).
But of course, by detecting such actions your scripts could possibly
recognise an attempted attack and alert you (something I am toying with).

Any other input on this subject would be appreciated as this should be
of big concern to anyone serious about their developments.



Wed, 16 Mar 2005 07:35:52 GMT  
 SQL injection - PHP, MySQL, magic_quotes = on

-snip-

Quote:
> Any other input on this subject would be appreciated as this should be
> of big concern to anyone serious about their developments.

small footnote

Enclose all data in delimiters i.e. single quotes for mysql

i.e.

DELETE FROM foo WHERE id=$xyz

is vulnerable to an injection attack.

DELETE FROM foo WHERE id='$xyz'

isn't.

It's also good practice to cast your data before using it

$xyz = (int)$xyz;

will stop any injection attack on autoincrement fields.

--
Regards, CJ Llewellyn
http://www.north-lincolnshire.com/
http://www.cjllewellyn.org.uk/



Thu, 17 Mar 2005 01:26:16 GMT  
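The post above gives two pieces of advice for an integer column: quote the value (so escaping can do its job) or cast it to an integer (so escaping is not needed at all). The following is an added example, not code from either poster, written in Python with sqlite3 standing in for MySQL. It models PHP's `(int)` cast with a simplified `php_int_cast` (leading-digit prefix or 0; exponent forms and other PHP edge cases are ignored, which is an assumption of this model), contrasts it with a strict validator that rejects anything that is not a plain decimal id, and finishes with the parameterised form a practitioner would use today, where the driver sends the id as data rather than as part of the SQL text. The table `foo` and its rows are constructed for the demonstration.

```python
import re
import sqlite3

# Simplified model of PHP's (int) cast: keep the leading integer prefix,
# yield 0 when there is none.  Assumption: good enough for the common cases;
# PHP's numeric-string rules (e.g. "1e3") are deliberately not modelled.
_LEADING_INT = re.compile(r"^\s*([+-]?\d+)")


def php_int_cast(value: str) -> int:
    m = _LEADING_INT.match(value)
    return int(m.group(1)) if m else 0


def strict_id(value: str) -> int:
    """Stricter than a cast: accept only a plain decimal id, reject the rest.

    A cast silently turns "7 abc" into 7; a strict check refuses it, which is
    what you want when you also intend to log and alert on bad input.
    """
    if not re.fullmatch(r"\d{1,18}", value):
        raise ValueError(f"invalid id: {value!r}")
    return int(value)


def build_unquoted(xyz: str) -> str:
    # The vulnerable shape from the post: user text lands directly in the SQL.
    return f"DELETE FROM foo WHERE id={xyz}"


def build_cast(xyz: str) -> str:
    # The post's fix: after the cast only digits can reach the SQL text.
    return f"DELETE FROM foo WHERE id={php_int_cast(xyz)}"


def delete_by_id(conn: sqlite3.Connection, xyz: str) -> int:
    """Parameterised delete: the id travels as a bound value, never as SQL."""
    cur = conn.execute("DELETE FROM foo WHERE id=?", (strict_id(xyz),))
    return cur.rowcount


def demo() -> tuple[int, int]:
    """Constructed in-memory table; returns (rows deleted, rows remaining)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE foo (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO foo VALUES (?, ?)", [(1, "a"), (2, "b"), (3, "c")]
    )
    deleted = delete_by_id(conn, "2")
    remaining = conn.execute("SELECT COUNT(*) FROM foo").fetchone()[0]
    conn.close()
    return deleted, remaining


if __name__ == "__main__":
    print(build_unquoted("7 abc"))   # untrusted text reaches the SQL
    print(build_cast("7 abc"))       # cast reduces it to a bare number
    print(demo())
```

The cast works for auto-increment ids because the column is numeric; for text columns the quoting advice still depends on correct escaping, which is exactly the part a bound parameter takes off your hands.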