Author | Post | |||
dodus86 |
Hello! Can you guys tell me where the bug is in this code:

    <?
    include ('connect.php');
    if (isset($_POST['tytul']) && isset($_POST['tresc'])) {
        $ty=substr($_POST['tytul'], 0, 50); // antiflood
        $tr=substr($_POST['tresc'], 0, 50); // magic_quotes is on
        $r=mysql_query("select * from blog_notes where title like '$ty' and text like '$tr' order by note_id desc") or die ('Sorry, '.mysql_error());
        if (mysql_num_rows($r)==0) die ('Error');
        while ($w=mysql_fetch_row($r)) {
            echo "<div class=\"noteczka\"><h2>$w[1]</h2>";
            echo nl2br($w[2])."<br><br$w[3])</div>";
        }
    } else {
    ?>
|
|||
27.05.2009 18:28:10 |
|
|||
alt3rn4tiv3 |
You mean apart from being totally insecure and messy? I don't know.. describe your "bug"? |
|||
28.05.2009 15:50:33 |
|
|||
dodus86 |
I'd like to know how to bypass magic_quotes and make sql injection on this script |
|||
04.06.2009 15:35:38 |
|
|||
Towley |
For example, when magic quotes is on:

    input = '''                    <-- 3 chars
    $foo = $_POST['input'];        # assume \'\'\' <-- 6 chars
    $foo = substr($foo, 0, 5);     # spam \'\'\ <-5 chars

the last \ will cause sqli because it is not properly encoded loose backslash.... right ?

Greetings
Towley

Edit: I'd like to see an exploit for your script |
|||
Edited by Towley on 05.06.2009 01:57:21 | ||||
05.06.2009 01:56:34 |
|
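The escape-then-truncate problem Towley describes, and one way to avoid it, as an added example that is not part of the thread. It assumes PHP 7.1+ with pdo_sqlite and mbstring; an in-memory SQLite table with one constructed row stands in for the MySQL `blog_notes` table, and `ends_with_dangling_backslash` and `find_notes` are hypothetical names.

```php
<?php
// Added example, not the poster's code.

// Part 1: why truncating an already-escaped string is unsafe.
// addslashes() models what magic_quotes_gpc did to request data.
function ends_with_dangling_backslash(string $s): bool
{
    // An odd run of trailing backslashes means the last one escapes nothing yet.
    $run = strlen($s) - strlen(rtrim($s, '\\'));
    return $run % 2 === 1;
}

$raw     = "'''";                  // 3 chars, as in the post above
$escaped = addslashes($raw);       // 6 chars, every quote has its backslash
$cut     = substr($escaped, 0, 5); // 5 chars, final backslash lost its quote
var_dump(ends_with_dangling_backslash($escaped));
var_dump(ends_with_dangling_backslash($cut));

// Part 2: truncate the raw value first, then bind it as a parameter.
function find_notes(PDO $db, string $title, string $text): array
{
    // Length limit applied to unescaped input, counted in characters.
    $title = mb_substr($title, 0, 50);
    $text  = mb_substr($text, 0, 50);
    // Placeholders keep the values out of the SQL text entirely,
    // so no quote or backslash in them can change the statement.
    $st = $db->prepare(
        'SELECT note_id, title, text FROM blog_notes
         WHERE title LIKE ? AND text LIKE ? ORDER BY note_id DESC'
    );
    $st->execute([$title, $text]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE blog_notes (note_id INTEGER PRIMARY KEY, title TEXT, text TEXT)');
$db->exec("INSERT INTO blog_notes (title, text) VALUES ('hello', 'first note')"); // constructed row

// A normal lookup, then the quote-and-backslash input: both are treated as data.
foreach ([['hello', 'first note'], ["'''", 'x\\']] as [$t, $b]) {
    printf("%d row(s)\n", count(find_notes($db, $t, $b)));
}
```

With a MySQL DSN the same `prepare`/`execute` calls apply; the point is that the length limit is enforced before any escaping and the query text never contains user input.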