Re: magic_quotes

["James Barkley" <James.Barkley () noaa gov>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


http://us3.php.net/manual/en/security.magicquotes.why.php states that
"Magic quotes are implemented in PHP to help code written by beginners
from being dangerous. Although SQL Injection
<security.database.sql-injection.php> is still possible with magic
quotes on, the risk is reduced."

It only escapes all ' (single-quote), " (double quote), \ (backslash)
and NULL characters are escaped with a backslash

Depends on the rest of their configuration but if they are using
Oracle their is a good chance you can find another way to exploit the
sql bug

James A. Barkley


Wojciech Pawlikowski wrote:

|Hey,
|I'm doing penetration test for some company using OSSTMM methodology.
|During information gathering stage I've found some SQL injection bug
|in their webapp. All I know is they've got some Oracle DB and Linux
|webserver with mod_php4 module.
|
|My problem is perhaps well known - is there any possibility to bypass
|magic_quotes protection ? PHP is 4.3.2, but I don't remember any
|vulnerability regarding magic_quotes in this version.
|

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFB5+nTVtbq2E0xxN0RAg+WAJ4xq+1K23kHhU/VTSemGJ+R562x4wCcDUa7
iQNBB/WY8sQMw4uoSaR7Az8=
=oUG5
-----END PGP SIGNATURE-----