[VIM] On SQL injection and PHP mysql_query...

Sullo sullo at cirt.net
Mon Jun 26 17:31:37 EDT 2006

Quoting "Steven M. Christey" <coley at linus.mitre.org>:

> On Mon, 26 Jun 2006, Sullo wrote:
>> Won't it allow you to use a union, such as:
>>   'union select ...' when injected into $limit?
> My understanding is that the union has to happen before the order by...

well in my db here I did:
select * from table1 order by 'union select * from table2';

which lead me to believe it's possible. However I've decided that the  
text between the ' marks is being treated as a name and not an sql  
statement, which makes sense.

so, nevermind :-)

However, injecting a ' would still throw an error... which does not  
mean it's exploitable, but means you are injecting something into the  
sql stream.  perhaps we need a new term for "sql termination" rather  
than "sql injection"?


http://www.cirt.net/      |     http://www.osvdb.org/

More information about the VIM mailing list