Penetration Testing mailing list archives
magic_quotes
From: Wojciech Pawlikowski <wojtek () vline pl>
Date: Mon, 10 Jan 2005 12:31:27 +0100
Hey, I'm doing penetration test for some company using OSSTMM methodology. During information gathering stage I've found some SQL injection bug in their webapp. All I know is they've got some Oracle DB and Linux webserver with mod_php4 module. My problem is perhaps well known - is there any possibility to bypass magic_quotes protection ? PHP is 4.3.2, but I don't remember any vulnerability regarding magic_quotes in this version. -- * Wojciech Pawlikowski :: <ducer at hard-core pl> :: NIC-HDL WP5161-RIPE * * http://ducer.w00nf.org :: http://www.knockdownhc.com :: Born to Hate *
Current thread:
- magic_quotes Wojciech Pawlikowski (Jan 10)