Bugtraq mailing list archives
Re: phpMyAdmin 2.1.0 + world readable (apache) log files enable remote user to run arbitrary PHP Codes as apache user
From: Wolfgang Heinemann <wolfgang () siwan1 siwan de>
Date: Mon, 2 Jul 2001 12:08:13 +0200 (MET DST)
On 1 Jul 2001 alias () securityfocus com wrote:
Subject: phpMyAdmin 2.1.0 + world readable (apache) log files enable remote user to run arbitrary PHP Codes as apache user.
From: <sl4sh () ifrance com>
Date: Sun, 1 Jul 2001 23:43:17 GMT

Note: sorry for my pitiful English.

First of all, I want to ask a question: is it normal that if, in a MySQL query (via PHP), I put "select * from $table" . "_files where ID=1" and I post table="atable #", MySQL considers the new query as a valid one (so the final query will be "select * from atable")? It's, in my opinion, a serious hole in MySQL query... (I use mysql_query() to do this)
It's not a MySQL problem, but a problem of writing good code ... You get the same problems when doing those things with e.g. Oracle. You NEVER should concatenate SQL queries.

You'll have the same problems when concatenating requests that will be executed on system level, for example doing the lousy sendmail call from a CGI program without checking the parameters. One solution is to check the parameters for escape characters, as it's normally done in Unix system calls ...

The better way is to bind all variables to a database call. This way the SQL query itself is a constant string. The bound parameters can't be manipulated (if the database engine does not contain any bugs ;-)

I think it's a common mistake of many (so called) programmers to concatenate the requests ... it's less typing ...

So it's not a problem of MySQL and it's not a problem of PHP either. You can do the same things using Perl for example ...
...
tschau Wolfgang
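The following is an added illustration of the two points in this exchange, the concatenated `$table . "_files where ID=1"` query from the original post and the "bind the variables so the SQL is a constant string" advice in the reply. It is example code written for this archive page, not code from either poster or from phpMyAdmin. It uses Python's built-in sqlite3 module instead of PHP and MySQL, so the line-comment token is SQLite's `--` rather than MySQL's `#`; the table names, columns and rows are constructed for the demonstration. It also shows one caveat the reply leaves implicit: a table name is an identifier, not a value, so no driver can bind it, and the hardened version therefore checks it against a fixed allowlist and binds only the row filter.

```python
import sqlite3

# Constructed in-memory schema standing in for the MySQL tables in the post:
# "atable_files" is the table the application means to query, "atable" is a
# table the request should never reach.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        create table atable_files (ID integer, name text);
        insert into atable_files values (1, 'report.pdf'), (2, 'notes.txt');
        create table atable (ID integer, secret text);
        insert into atable values (1, 'not for you'), (2, 'still not for you');
        """
    )
    return conn


def build_concatenated(table: str, file_id: str) -> str:
    """The pattern from the post: the query text is assembled from request data.
    SQLite uses '--' as its line comment where MySQL uses '#'; either way,
    everything after the comment token is discarded by the parser."""
    return "select * from " + table + "_files where ID=" + file_id


def query_concatenated(conn: sqlite3.Connection, table: str, file_id: str) -> list:
    """Run the concatenated query exactly as built; a table value of
    'atable --' comments out the '_files where ID=...' suffix."""
    return conn.execute(build_concatenated(table, file_id)).fetchall()


# Hypothetical allowlist of table-name prefixes the application actually uses.
ALLOWED_TABLES = {"atable", "btable"}


def query_bound(conn: sqlite3.Connection, table: str, file_id: str) -> list:
    """Hardened form. Identifiers cannot be bound, so the table name must match
    a fixed allowlist before it is spliced in; the row filter is a bound
    parameter, so the SQL text is the same constant string for every request."""
    if table not in ALLOWED_TABLES:
        raise ValueError(f"unknown table: {table!r}")
    # int() rejects anything that is not a plain number ("1 or 1=1" fails here)
    row_id = int(file_id)
    sql = f"select * from {table}_files where ID=?"
    return conn.execute(sql, (row_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(build_concatenated("atable --", "1"))
    print(query_concatenated("atable --", "1") if False else query_concatenated(db, "atable --", "1"))
    print(query_bound(db, "atable", "1"))
```

Running the concatenated version with `table="atable --"` returns every row of `atable`, because the `_files where ID=1` suffix has become a comment; the bound version refuses that table name outright and, for a legitimate name, always executes the literal string `select * from atable_files where ID=?` with the id supplied separately.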
Current thread:
- phpMyAdmin 2.1.0 + world readable (apache) log files enable remote user to run alias (Jul 02)
- Re: phpMyAdmin 2.1.0 + world readable (apache) log files enable remote user to run Wolfgang Heinemann (Jul 02)
- Re: phpMyAdmin 2.1.0 + world readable (apache) log files enable remote user to run Shaun Clowes (Jul 02)