WebApp Sec mailing list archives
Re: Security of magic_quotes_gpc under PHP against SQL injection
From: Stefano Di Paola <stefano.dipaola () wisec it>
Date: Sat, 17 Dec 2005 10:47:58 +0100
There's a way to bypass magic_quotes_gpc if your input is urldecoded by urldecode($_GET['input']) function on some point of your script. infact url?input=%2527 becomes inside your script $_GET['input']=%27 which is not backslashed because php doesnt normalize encoding. Then urldecode(%27)=' so magic quotes could be bypassed if urldecode is applied to input vars. (php 4.4.1) And, yes mysql_real_escape_string could be the good one but it always depends on how and when your input is manipulated by other functions. Regards Stefano -- ......---oOOo--------oOOo---...... Stefano Di Paola Software Engineer Email: stefano.dipaola_at_wisec.it Email: stefano.dipaola1_at_tin.it Web: www.wisec.it ..................................
Current thread:
- Security of magic_quotes_gpc under PHP against SQL injection Todd Hendricks (Dec 10)
- Re: Security of magic_quotes_gpc under PHP against SQL injection Steve Slater (Dec 11)
- Re: Security of magic_quotes_gpc under PHP against SQL injection Peter Conrad (Dec 12)
- Re: Security of magic_quotes_gpc under PHP against SQL injection ascii (Dec 12)
- Re: Security of magic_quotes_gpc under PHP against SQL injection Stefano Di Paola (Dec 18)
- Re: Security of magic_quotes_gpc under PHP against SQL injection ascii (Dec 12)