sql injection with magic quotes on

Post by whizzle on Mon Nov 23, 2009 6:00 am

magic quotes: http://www.php.net/manual/en/info.confi ... quotes-gpc

Is there a way to sql inject a system that has magic quotes enabled? Entering
x' OR 1=1--
in a form outputs
x\' OR 1=1--
which obviously doesn't work.

Any ideas?


Re: sql injection with magic quotes on

Post by Goatboy on Mon Nov 23, 2009 10:14 am

As far as I know, Magic Quotes uses the built-in addslashes() function to escape characters, and is reliant on Unicode. This means it could be vulnerable to certain types of character encoding. A quick Wikipedia search confirms this. Third point under Criticism.
Assume that everything I say is or could be a lie.


Re: sql injection with magic quotes on

Post by whizzle on Thu Nov 26, 2009 3:11 am

Good idea. I read up a bit but I couldn't actually get the Unicode to translate to its char. It would come out as the literal U+0027 or N0027. Do you have any tips on how to get it to parse the Unicode or how to inject Unicode SQL?

-- Wed Dec 09, 2009 10:35 pm --

bump.


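From the defending side of this thread, escaping such as addslashes() is not what keeps input out of the query text; binding values through prepared statements is. The PHP below is an added example, not code from any poster: it assumes PDO with an in-memory SQLite database, and the users table, its rows and the helper names findUsers and addUser are constructed for illustration.

```php
<?php
// Added example. The table, rows and function names are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// On MySQL, also name the connection charset in the DSN (charset=utf8mb4) and set
// PDO::ATTR_EMULATE_PREPARES to false so values are bound by the server.

$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// The statement text is fixed; user input travels separately as a bound value.
function findUsers(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function addUser(PDO $pdo, string $name): void
{
    $stmt = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
}

// The form input from the first post is compared with the name column as a
// plain string, so it cannot change the WHERE clause.
$rows = findUsers($pdo, "x' OR 1=1--");
printf("rows matched by the quoted input: %d\n", count($rows));

// A legitimate value containing an apostrophe needs no escaping at all.
addUser($pdo, "O'Brien");
printf("stored: %s\n", findUsers($pdo, "O'Brien")[0]['name']);

// Escaping on top of binding (what magic quotes did to every request value)
// stores the backslash as data, so the escaped copy is a different name.
addUser($pdo, addslashes("O'Brien"));
foreach ($pdo->query('SELECT name FROM users ORDER BY id') as $row) {
    echo $row['name'], "\n";
}
```

Magic quotes was deprecated in PHP 5.3 and removed in PHP 5.4, so code that relied on it needs bound parameters like these rather than a replacement escaping layer.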
