[VIM] On SQL injection and PHP mysql_query...
sullo at cirt.net
Mon Jun 26 17:31:37 EDT 2006
Quoting "Steven M. Christey" <coley at linus.mitre.org>:
> On Mon, 26 Jun 2006, Sullo wrote:
>> Won't it allow you to use a union, such as:
>> 'union select ...' when injected into $limit?
> My understanding is that the union has to happen before the order by...
Well, in my db here I did:
select * from table1 order by 'union select * from table2';
which led me to believe it's possible. However, I've decided that the
text between the ' marks is being treated as a name and not an SQL
statement, which makes sense.
So, never mind :-)
However, injecting a ' would still throw an error... which does not
mean it's exploitable, but means you are injecting something into the
SQL stream. Perhaps we need a new term for "SQL termination" rather
than "SQL injection"?
http://www.cirt.net/ | http://www.osvdb.org/
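
The distinction drawn in the message above, as an added example that is not part of the original post: it uses Python's sqlite3 as a stand-in for the unnamed database, and the table contents, classify(), safe_query() and ALLOWED_ORDER are constructed for illustration. It separates a fragment that is parsed as inert data from one that only breaks the statement, then shows allowlist and integer handling for the ORDER BY and LIMIT positions.

```python
import sqlite3

def build_db():
    # Constructed sample data; table names follow the message above.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE table1 (id INTEGER, name TEXT);
        CREATE TABLE table2 (id INTEGER, name TEXT);
        INSERT INTO table1 VALUES (2, 'b'), (1, 'a');
        INSERT INTO table2 VALUES (99, 'other');
    """)
    return db

def classify(db, fragment):
    """Append a fragment after ORDER BY by string concatenation (the
    unsafe pattern under discussion) and report how it was handled."""
    sql = "SELECT id, name FROM table1 ORDER BY " + fragment
    try:
        rows = db.execute(sql).fetchall()
    except sqlite3.OperationalError as exc:
        # Statement no longer parses: an error, but nothing ran.
        return "rejected", str(exc)
    # Row 99 exists only in table2; seeing it would mean the UNION ran.
    crossed = any(row[0] == 99 for row in rows)
    return ("crossed" if crossed else "inert"), rows

ALLOWED_ORDER = {"id", "name"}  # hypothetical allowlist of sortable columns

def safe_query(db, order_col, limit):
    """Identifiers cannot be bound, so check them against an allowlist;
    bind LIMIT as an integer parameter."""
    if order_col not in ALLOWED_ORDER:
        raise ValueError("unsupported sort column")
    sql = f"SELECT id, name FROM table1 ORDER BY {order_col} LIMIT ?"
    return db.execute(sql, (int(limit),)).fetchall()

if __name__ == "__main__":
    db = build_db()
    for frag in ("'union select * from table2'", "'",
                 "id union select * from table2"):
        print(repr(frag), "->", classify(db, frag)[0])
    print(safe_query(db, "id", "1"))
```

A "rejected" result is still worth logging and fixing: it shows untrusted text reached the parser, which is the condition the message proposes a separate term for.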