 Posted by Richard Levasseur on 08/23/06 07:20 
Chung Leong wrote: 
> Ignoramus20689 wrote: 
> > I am not a PHP expert (I do mod_perl), but it would seem that this 
> > code is likely to be a good candidate for SQL injection attack. Is 
> > that the case?  If so, I would write to them. 
> 
> That's definitely a SQL injection vulnerability, as the code is 
> written for PHP3, where there is no register_globals option (i.e. it's 
> always on). Whether it can be exploited is another matter. I don't 
> think you can execute multiple statements through mysql_query(). 
 
IIRC, you can in some obscure way, but I forget. I think it was 
fixed in a later release of mysql. 
 
With the code, though, you could easily make the password line be 
password='' or '1'='1', thus being able to log in as anyone (a parent 
post pointed this out as well).
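
An added example, not part of the original thread or of the code under discussion: it shows why a one-statement-per-call limit does not protect a concatenated login query from the `' or '1'='1` input, and how bound parameters do. Python's `sqlite3` `execute()`, which rejects a second statement, stands in for the single-statement behaviour Chung Leong describes for mysql_query() (an assumption); the table, account and function names are constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data: one account in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db

def login_concat(db, username, password):
    # Vulnerable pattern: request values pasted straight into the SQL text.
    sql = ("SELECT username FROM users WHERE username='" + username +
           "' AND password='" + password + "'")
    try:
        row = db.execute(sql).fetchone()
    except (sqlite3.Warning, sqlite3.Error) as exc:
        # The driver refuses SQL text containing more than one statement.
        return "error: " + type(exc).__name__
    return row[0] if row else None

def login_bound(db, username, password):
    # Hardened pattern: placeholders keep the values out of the SQL grammar.
    row = db.execute(
        "SELECT username FROM users WHERE username=? AND password=?",
        (username, password)).fetchone()
    return row[0] if row else None

def demo():
    db = make_db()
    tautology = "' or '1'='1"       # the input quoted in the post
    stacked = "x'; SELECT 1; --"    # constructed, harmless second statement
    return {
        "concat_wrong_password": login_concat(db, "alice", "guess"),
        "concat_tautology": login_concat(db, "alice", tautology),
        "concat_stacked": login_concat(db, "alice", stacked),
        "bound_tautology": login_bound(db, "alice", tautology),
        "bound_correct": login_bound(db, "alice", "correct-horse"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:24} -> {result}")
```

The stacked input is rejected by the driver, yet the tautology still authenticates through the concatenated query; only the bound-parameter version treats it as a wrong password.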
 
  