This is an issue so often discussed, I know, but I recently found this vulnerability, and I am checking whether I am resistant to such an injection; however, I cannot imitate this behavior. I probably do not understand the request they use.
The part that interests me:
The first vulnerability affects mysql_real_escape_string(), which does not reject invalid multibyte characters. For example, in UTF-8, "0xC8" "attackers" or "0xC8" attackersql "is converted to" one_character "attackersql" (ignore spaces). So the request is:
SELECT ... WHERE v = 'mysql_real_escape_string ("0xC8' attackersql") '
becomes:
SELECT ... WHERE v = '0xC8' 'attackersql'
SELECT ... WHERE v = 'one_character' attackersql '
Thus, an attacker can enter the attackersql command.
The question sounds pretty lame, but how can I get this injection to work?
Note (edited): I am using PHP 5.2.6 and MySQL 5.0.51a (fix), and charset 'utf8' is set on the DB connection.
chyno
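The byte-level behaviour described in the quoted advisory, as an added Python model (not part of the original post, and not MySQL's or PHP's code). The helpers naive_escape, lenient_chars and literal_ends_early are hypothetical names; the strict UTF-8 check at the end is the kind of rejection of invalid multibyte input that the advisory says was missing.

```python
# Added illustration: a simplified model of the advisory's scenario.
# All function names here are hypothetical; nothing below is library code.

def naive_escape(raw: bytes) -> bytes:
    """Escape byte by byte, with no awareness of multibyte sequences."""
    out = bytearray()
    for b in raw:
        if b in (0x00, 0x22, 0x27, 0x5C):    # NUL, ", ', backslash
            out.append(0x5C)
        out.append(b)
    return bytes(out)

def lenient_chars(data: bytes) -> list:
    """Split into 'characters' by trusting the UTF-8 lead byte alone;
    continuation bytes are never checked (the flaw being modelled)."""
    chars, i = [], 0
    while i < len(data):
        b = data[i]
        n = 1 if b < 0xC0 else 2 if b < 0xE0 else 3 if b < 0xF0 else 4
        chars.append(data[i:i + n])
        i += n
    return chars

def literal_ends_early(escaped: bytes) -> bool:
    """True if a lenient reader sees an unescaped quote inside the value."""
    chars, i = lenient_chars(escaped), 0
    while i < len(chars):
        if chars[i] == b"\\":                # escape: skip the next char
            i += 2
            continue
        if chars[i] == b"'":
            return True
        i += 1
    return False

def is_valid_utf8(raw: bytes) -> bool:
    """Strict check: reject input that is not well-formed UTF-8."""
    try:
        raw.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False

# Constructed inputs: the advisory's placeholder value and a well-formed one.
MALFORMED = b"\xc8' attackersql"             # 0xC8 with no continuation byte
WELL_FORMED = "\u00c8' text".encode("utf-8")
```

In this model the lone 0xC8 absorbs the backslash that the escaping step inserted, which is the "one_character" in the advisory; the well-formed input keeps its backslash, and the strict check rejects the malformed value before it is ever escaped.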