Posted by pantagruel on 12/21/05 11:03
Hi, I'm worried that one of our online applications is exposed to a
possible SQL injection attack. I don't have the code for the
application as it is developed by a third party but the request:
my.php?x='1+1'
returns the error
Database error: Invalid SQL: SELECT x_id, x_type FROM object WHERE
x_serial = ''1 1''
MySQL Error: 1064 (You have an error in your SQL syntax. Check the
manual that corresponds to your MySQL server version for the right
syntax to use near '1 1''' at line 1)
Session halted.
Now looking at that it seems not to be open to an SQL injection because
the x querystring parameter was cleansed before being passed to
x_serial, at least that is my interpretation.
does this seem reasonable? Other than that I am of course somewhat
annoyed at the application spitting out sql code in its error report.
Is there anything I should try to pass as a parameter that will tell me
for sure if it is allowing SQL injection. The database, which I found
out from another error code on another page, is MySql.
[Back to original message]
|