Login   Register  
PHP Classes
elePHPant
Icontem

SQL Injection Attack

Recommend this page to a friend!
Stumble It! Stumble It! Bookmark in del.icio.us Bookmark in del.icio.us

      Access user Class  >  All threads  >  SQL Injection Attack  >  (Un) Subscribe thread alerts  
Subject:SQL Injection Attack
Summary:Code seems vulnerable to SQL inject if magic_quotes_gpc is off
Messages:3
Author:John Doe 3rd
Date:2007-02-07 02:20:19
Update:2013-05-01 09:57:10
 

  1. SQL Injection Attack   Reply   Report abuse  
Picture of John Doe 3rd
John Doe 3rd
2007-02-07 02:20:19
Olaf,

I downloaded and was testing your access user class today. The login page appears to be vulnerable to a SQL injection attack if you have magic_quotes_gpc turned off. As a result, I can log in as the administrator without knowing the password. To reproduce, go to the login form and enter whatever you want in the password field and then enter the following as the username:
administrator' or 'a'='a

I'm using version 1.95 of your class which was updated on 2007-01-31. It looks like you need to pass all user input data to addslashes or mysql_real_escape_string before using it in the SQL query.

  2. Re: SQL Injection Attack   Reply   Report abuse  
Picture of Olaf Lederer
Olaf Lederer
2007-02-07 10:22:29 - In reply to message 1 from John Doe 3rd
thanks for reporting that (looks like I forgot this)

check the updated version on my website, if you have more comments or suggestions, please share them at the official forum (link is on the project site inside the right column)

Olaf

  3. Re: SQL Injection Attack   Reply   Report abuse  
Picture of serdar
serdar
2013-05-01 09:57:10 - In reply to message 2 from Olaf Lederer
i can find 1.86 version. where can i download latest version.