[VIM] On SQL injection and PHP mysql_query...
Steven M. Christey
coley at linus.mitre.org
Mon Jun 26 18:11:07 EDT 2006
On Mon, 26 Jun 2006, Heinbockel, Bill wrote:
> So that brings the question, is the failing of an SQL query
> really a security vulnerability? I know that Steve refers to
> these as "forced SQL errors", but is there a threat here?
If it produces a verbose error message that leads to things like path
disclosure, then I think it's reasonable to include it. But if all you
get is a generic "SQL query is malformed" error message, then I don't
think of it as security relevant at all. I've occasionally used that
reasoning to concur with a vendor dispute.
> Or likewise, is the injection of tags into a PHP program that
> prevents the proper display of a page (but is somehow immune
> to XSS -- maybe by only accepting the < character or something)?
This is probably dependent on context, although I don't remember running
across any good examples of this. Maybe if the page is a log page that
should be viewed by an admin, where the bug could be used by the attacker
to hide their tracks...
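
The distinction drawn in the first reply above, as an added example that is not part of the original post: a Python sketch that triages a forced-error response as path-disclosing or generic. The regular expression, function names and sample responses are constructed for illustration, and path disclosure is only one of the "things like" the message leaves open.

```python
import re

# Absolute filesystem paths as they show up in PHP warnings.
# Assumption: a disclosed path names a file with an extension.
PATH_RE = re.compile(r"""
    (?<![\w:/.])                                  # skip URLs and relative paths
    (?: /(?:[\w.\-]+/)+[\w.\-]+\.\w+              # Unix absolute path to a file
      | [A-Za-z]:\\(?:[\w.\-]+\\)*[\w.\-]+\.\w+   # Windows absolute path
    )""", re.VERBOSE)


def disclosed_paths(body: str) -> list[str]:
    """Return each distinct absolute path found in an error response."""
    seen = []
    for match in PATH_RE.finditer(body):
        if match.group(0) not in seen:
            seen.append(match.group(0))
    return seen


def triage(body: str) -> str:
    """Apply the rule of thumb: a leaked path matters, a generic error does not."""
    return "path disclosure" if disclosed_paths(body) else "generic error"


# Constructed sample responses (not taken from any real application).
SAMPLES = {
    "verbose_php": "<b>Warning</b>:  mysql_fetch_array(): supplied argument is "
                   "not a valid MySQL result resource in "
                   "<b>/home/acme/public_html/view.php</b> on line <b>42</b><br />",
    "verbose_win": "Warning: mysql_num_rows(): supplied argument is not a valid "
                   "MySQL result resource in C:\\inetpub\\wwwroot\\shop\\item.php "
                   "on line 17",
    "generic": "SQL query is malformed",
    "generic_with_url": "SQL query is malformed. "
                        "See http://example.com/docs/errors.html",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name}: {triage(body)} {disclosed_paths(body)}")
```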