[VIM] On SQL injection and PHP mysql_query...

Steven M. Christey coley at linus.mitre.org
Mon Jun 26 18:11:07 EDT 2006

On Mon, 26 Jun 2006, Heinbockel, Bill wrote:

> So that brings the question, is the failing of an SQL query
> really a security vulnerability? I know that Steve refers to
> these as "forced SQL errors", but there a threat here?

If it produces a verbose error message that leads to things like path
disclosure, then I think it's reasonable to include it.  But if all you
get is a generic "SQL query is malformed" error message, then I don't
think of it as security relevant at all.  I've occasionally used that
reasoning to concur with a vendor dispute.

> Or likewise, is the injection of tags into a PHP program that
> prevents the proper display of a page (but is somehow immune
> to XSS -- maybe by only accepting the < character or something)?

This is probably dependent on context, although I don't remember running
across any good examples of this.  Maybe if the page is a log page that
should be viewed by an admin, where the bug could be used by the attacker
to hide their tracks...

- Steve

More information about the VIM mailing list