[suse-security] RE: Simple to exploit SQL Injection ?
Would this be of relevance:
; Use Sybase-style magic quotes (escape ' with '' instead of \').
; Leave this OFF!
magic_quotes_sybase = OFF
HTH - KR
On Mon, 28 Nov 2005, Victor Chapela wrote:
> To: 'Jason binger' <cisspstudy@xxxxxxxxx>, webappsec@xxxxxxxxxxxxxxxxx
> From: Victor Chapela <victor@xxxxxxxxx>
> Subject: RE: Simple to exploit SQL Injection ?
> I agree with Rich, it seems your ' is being escaped by
> adding a second one. This should be interpreted by the
> database as a single quote within the quoted string '...'.
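
Added example, not part of the thread: a Python sketch of the doubled-quote escaping discussed above, with SQLite standing in for a database that reads '' as one quote inside a string literal. The helper names and the `users` table are assumptions, and `backslash_quote` only approximates PHP's backslash-style magic quotes.

```python
import sqlite3

def sybase_quote(value: str) -> str:
    """Sybase-style escaping: double every single quote."""
    return value.replace("'", "''")

def backslash_quote(value: str) -> str:
    """Approximation of backslash-style escaping (\\' instead of '')."""
    return value.replace("\\", "\\\\").replace("'", "\\'")

def make_db() -> sqlite3.Connection:
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany("INSERT INTO users VALUES (?)", [("O'Brien",), ("alice",)])
    return db

def lookup_concat(db, escaped: str) -> list:
    # Concatenated query: correct only if the escaping matches the
    # quoting rules of the database that parses it.
    sql = "SELECT name FROM users WHERE name = '" + escaped + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, value: str) -> list:
    # Bound parameter: the value never passes through the SQL parser,
    # so no escaping style has to be chosen at all.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (value,))]

def backslash_is_rejected(db, value: str) -> bool:
    # With \' the backslash is ordinary data and the quote still ends the
    # literal, so the statement no longer parses on this database.
    try:
        lookup_concat(db, backslash_quote(value))
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    print(lookup_concat(db, sybase_quote("O'Brien")))       # doubled quote stays in the literal
    print(lookup_concat(db, sybase_quote("x' OR '1'='1")))  # compared as one string value
    print(lookup_bound(db, "O'Brien"))
    print(backslash_is_rejected(db, "O'Brien"))
```
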