MySQL Forums
Forum List  »  Security

SQL Injection
Posted by: Rob Lee
Date: October 26, 2006 12:49PM

Hi,

I'm reviewing some old web CGI code at the moment and I found something that I think is serious, however I don't seem to be able to 'prove' it's insecure. The code is an old Perl CGI script using Mysql.pm (not DBI) :

my $query = "select * from admins where user=\"param(u)\" AND s = 1";
my $sth = $dbh->query($query);
while(%hash = $sth->fetchhash) {
# Compares hash password to sumitted password
}

The param method is from CGI.pm and does no escaping, so whatever gets passed from the web-form goes directly into the query.

I've tried various sql injection attacks but aside from causing an error on $dbh->query($query) (which is bad but not the end of the world) I have been unsuccessful in causing any damage. For example I have tried passing in :

blah";drop table admins;select * from admins where user="blah

But this just causes an error - so is this the 'worst' thing that I can expect or is there something more serious I need to be worried about ?

Options: ReplyQuote


Subject
Views
Written By
Posted
SQL Injection
3205
October 26, 2006 12:49PM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.