Re: Issues with pulling out data from MySQL

To: Kirk Strauser <kirk@strauser.com>
Cc: debian-user@lists.debian.org
Subject: Re: Issues with pulling out data from MySQL
From: andre@nullroute.co.uk
Date: Thu, 25 Mar 2004 18:57:37 -0500
Message-id: <[🔎] 1080259057.406371f1e108f@mail.nullroute.co.uk>
In-reply-to: <[🔎] 87r7vgzdyf.fsf@strauser.com>
References: <[🔎] OFAD131009.292E46A4-ON85256E60.007832E2-85256E60.00780100@sncorp.intranet.com> <[🔎] 86hdwdxvru.fsf@eu.uu.net> <[🔎] 20040325191347.GD32318@infidel.spots.ab.ca> <[🔎] 1080245062.40633b465d6eb@mail.nullroute.co.uk> <[🔎] slrnc66j6n.9m7.spam@home.bounceswoosh.org> <[🔎] 1080252888.406359d8b9336@mail.nullroute.co.uk> <[🔎] 87r7vgzdyf.fsf@strauser.com>

Thanks Kirk for the insight.  The DB is offline at the moment and can not be
reached except for people connected to my LAN, which might explain something. 
I will google this evening for PHP injections, and I greatly appreciate the
direction.  Is there anything that i should be currently looking for withing
the DB or my box to see if someone has corrupted my tables or anything else to
that matter?

Cheers,

dre


Quoting Kirk Strauser <kirk@strauser.com>:

> At 2004-03-25T22:14:48Z, andre@nullroute.co.uk writes:
> 
> > <html>
> > <body>
> > <?php
> > $db = mysql_connect("localhost", "root");
> > mysql_select_db("dtrackLog",$db);
> > if ($submit) {
> >   if ($ExID) {
> >     $sql = "UPDATE TL_Exploit SET
> >
>
LogID='$LogID',OfficialName='$OfficialName',BugTraqID='$BugTraqID',PublishedDate='$PublishedDate',Type='$Type',Range='$Range',Damage='$Damage',OnlineReferences='$OnlineReferences',
> >
>
SoftwareAffected='$SoftwareAffected',NotVulnerable='$NotVulnerable',Symptoms='$Symptoms',HowTo='$HowTo',ObjectAffected='$ObjectAffected',Discussion='$Discussion',Credits='$Credits',WHERE
> > ExID=$ExID";
> 
> You're relying on a major security flaw in PHP (injecting GET/POST data into
> the global namespace) for functionality.  Also, your database queries are
> incredibly dangerous; google for "SQL injection" for more information.
> 
> Basically, I could 0wn your website in about 5 minutes, and so could anyone
> else so motivated.  I suggest you take this offline immediately until it can
> be fixed.
> -- 
> Kirk Strauser
> In Googlis non est, ergo non est.
>

Reply to:

Follow-Ups:
- Re: Issues with pulling out data from MySQL
  - From: Kirk Strauser <kirk@strauser.com>

References:
- switching window managers and session managers - update-alternatives ?
  - From: Jerry_Bash@spectral-sys.com
- Re: switching window managers and session managers - update-alternatives ?
  - From: Kai Grossjohann <kgrossjo@eu.uu.net>
- Re: switching window managers and session managers - update-alternatives ?
  - From: "s. keeling" <keeling@spots.ab.ca>
- Issues with pulling out data from MySQL
  - From: andre@nullroute.co.uk
- Re: Issues with pulling out data from MySQL
  - From: "Monique Y. Herman" <spam@bounceswoosh.org>
- Re: Issues with pulling out data from MySQL
  - From: andre@nullroute.co.uk
- Re: Issues with pulling out data from MySQL
  - From: Kirk Strauser <kirk@strauser.com>

Prev by Date: Shell pipe command with key pause
Next by Date: Re: email signatures
Previous by thread: Re: Issues with pulling out data from MySQL
Next by thread: Re: Issues with pulling out data from MySQL
Index(es):
- Date
- Thread