PHP Classes

SQL Injection Attack

Recommend this page to a friend!

      Access user Class  >  All threads  >  SQL Injection Attack  >  (Un) Subscribe thread alerts  
Subject:SQL Injection Attack
Summary:Code seems vulnerable to SQL inject if magic_quotes_gpc is off
Messages:3
Author:John Doe 3rd
Date:2007-02-07 02:20:19
Update:2013-05-01 09:57:10
 

  1. SQL Injection Attack   Reply   Report abuse  
Picture of John Doe 3rd John Doe 3rd - 2007-02-07 02:20:19
Olaf,

I downloaded and was testing your access user class today. The login page appears to be vulnerable to a SQL injection attack if you have magic_quotes_gpc turned off. As a result, I can log in as the administrator without knowing the password. To reproduce, go to the login form and enter whatever you want in the password field and then enter the following as the username:
administrator' or 'a'='a

I'm using version 1.95 of your class which was updated on 2007-01-31. It looks like you need to pass all user input data to addslashes or mysql_real_escape_string before using it in the SQL query.

  2. Re: SQL Injection Attack   Reply   Report abuse  
Picture of Olaf Lederer Olaf Lederer - 2007-02-07 10:22:29 - In reply to message 1 from John Doe 3rd
thanks for reporting that (looks like I forgot this)

check the updated version on my website, if you have more comments or suggestions, please share them at the official forum (link is on the project site inside the right column)

Olaf

  3. Re: SQL Injection Attack   Reply   Report abuse  
Picture of serdar serdar - 2013-05-01 09:57:10 - In reply to message 2 from Olaf Lederer
i can find 1.86 version. where can i download latest version.