PHP universal password - vulnerability warning - Black Bar Safety Net

2010-05-12T00:00:00
ID MYHACK58:62201026913
Type myhack58
Reporter Anonymous
Modified 2010-05-12T00:00:00

Description

To be honest, if a site's front end has injection vulnerabilities, then in my experience the probability of getting into the back end with a universal password is essentially one hundred percent.

But some people say that if a PHP site has GPC magic quotes turned on, special characters are escaped, and that this completely eliminates PHP injection.

In fact, the people who say this have never thought it through and have never tried using a universal password to get into a PHP back end.

In fact, whether GPC magic quotes is turned on has no effect at all on getting into the back end with a universal password.

If you use a universal password such as 'or'='or', of course it will not get in, because single quotes are converted when GPC is turned on.

The universal password I use for PHP injection is: 'or 1=1/*

Let us analyze why it gets into the back end.

Suppose the SQL statement is written like this:

"SELECT * FROM admin where name='".$_POST['name']."' and password='".$_POST['password']."'"

If we enter the universal password 'or 1=1/* in the account field and anything at all in the password field, the SQL statement becomes:

select * from admin where name=''or 1=1/*' and password='any characters'

/* is the MySQL comment marker, so everything after it is commented out. That is why the password can be anything.

Assume GPC conversion is not turned on. Then look at where name=''or 1=1, with everything after /* commented out. The logical value of name='' is false and the 1=1 that follows is true, so the whole condition becomes false or true. The final logical value is true, and we go straight into the back end.

Now suppose GPC conversion is turned on, so the single quote is converted. The statement then becomes where name='\'or 1=1. Compare it with the previous one: the only difference is an extra \. name='\' has the same logical value as name='', which is false, and 1=1 is true, so isn't the logical value of the whole SQL statement still true? Is there any reason it would not get into the back end?

So in general, for PHP websites the universal password can be written as 'or 1=1/*, and having GPC conversion turned on has no impact on it whatsoever!

So please change your thinking: on a PHP website with a character-type injection, you can use the universal password 'or 1=1/*
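
A defensive counterpart to the analysis above, as an added example that is not part of the original post: the page's login query built by concatenation, next to the same lookup with bound parameters, where the input is only ever compared as a literal value and no quote-escaping setting is involved. Assumptions: PDO with an in-memory SQLite database stands in for MySQL, the function names and the admin row are constructed, and magic_quotes_gpc is not modelled.

```php
<?php
// Added example, not from the original post. Assumptions: PDO with in-memory
// SQLite stands in for the MySQL back end; the admin row is constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admin (name TEXT, password TEXT)');
// Plaintext column kept only to mirror the page's query; store a
// password_hash() value and check it with password_verify() in real code.
$pdo->prepare('INSERT INTO admin VALUES (?, ?)')
    ->execute(['admin', 'constructed-sample-password']);

// Pattern from the page: request values concatenated into the SQL text.
function login_concat(PDO $pdo, string $name, string $password): bool
{
    $sql = "SELECT * FROM admin WHERE name='" . $name
         . "' AND password='" . $password . "'";
    try {
        return $pdo->query($sql)->fetch() !== false;
    } catch (PDOException $e) {
        return false; // malformed SQL is treated as a failed login
    }
}

// Hardened form: both values are bound as data and never parsed as SQL.
function login_bound(PDO $pdo, string $name, string $password): bool
{
    $stmt = $pdo->prepare('SELECT 1 FROM admin WHERE name = ? AND password = ?');
    $stmt->execute([$name, $password]);
    return $stmt->fetch() !== false;
}

$cases = [
    ["'or 1=1/*", 'anything'],                   // string quoted on the page
    ['admin', 'constructed-sample-password'],    // legitimate login
    ['admin', 'wrong-password'],                 // wrong password
];
foreach ($cases as [$name, $password]) {
    printf("%-12s concat=%-5s bound=%s\n", $name,
        var_export(login_concat($pdo, $name, $password), true),
        var_export(login_bound($pdo, $name, $password), true));
}
```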