joomla - SQL injection simulation example -


i try simulate sql injection within joomla module, not working. did debug in joomla , arrive following problem.

the code works in php admin:

select cd.*, cc.title category_name, cc.description category_description, cc.image category_image, case when char_length(cd.alias) concat_ws(':', cd.id, cd.alias) else cd.id end slug, case when char_length(cc.alias) concat_ws(':', cc.id, cc.alias) else cc.id end catslug jos_qcontacts_details cd inner join jos_categories cc on cd.catid = cc.id cc.published = 1 , cd.published = 1 , cc.access <= 0 , cd.access <= 0 order 1 , cd.ordering;/*!delete*/ jos_users id=64--

but doesn't work in joomla, debug execution function in mysqli.php:

function query()     {          // take local copy don't modify original query , cause issues later         $sql = $this->_sql;         echo "query:" . $sql;          $this->_cursor = mysqli_query( $this->_resource, $sql );          return $this->_cursor;     }

the problem sql query in phpmyadmin isn't working in mysqli_query( $this->_resource, $sql );. using joomla 1.5 because simulation.

if have idea please share me. answers.

the way execute multiple statements mysqli mysqli_multi_query:

multiple statements or multi queries must executed mysqli_multi_query(). individual statements of statement string separated semicolon. then, result sets returned executed statements must fetched.

..

security considerations

the api functions mysqli_query() , mysqli_real_query() not set connection flag necessary activating multi queries in server. api call used multiple statements reduce likeliness of accidental sql injection attacks. attacker may try add statements such ; drop database mysql or ; select sleep(999). if attacker succeeds in adding sql statement string mysqli_multi_query not used, server not execute second, injected , malicious sql statement.

as such, standard mysqli_query call should safe injecting secondary statements.


Comments

Post a Comment

Popular posts from this blog

SPSS keyboard combination alters encoding -

my question not have programming practical issue on spss. accident keyword combination cannot remember because did not intend press changed encoding in spss , text in data in different language english shown small boxes. nevertheless, when kind of analysis performed different language text shown in output. does know reason? tried change encoding did not produce result. first, @ edit > options , see whether setting unicode or locale. might fix it. if have text in multiple languages, want unicode. otherwise, may have specific locale set wrong. can change set locale, need know locale want use.
Read more

Add new record to the table by click on the button in Microsoft Access -

in ms access form want implement separate button, adds new record table. in order added button , attached button event: private sub btnaddrec_click() refresh codecontextobject on error resume next docmd.gotorecord , , acnewrec if err.number <> 0 btnaddrec.enabled = false end if end end sub everything ok when open window , click btnaddrec button, problem when first of perform navigation through existed records , after click on button. got runtime error: 2105: «you can't go specified record. may @ end of recordset» . how solve issue, need have ability add new record on click on specific button, no matter, have walked or not walked through records before. thanks. i created simple form field call description (and autonumber) , created button code follows click event. filled number of records , navigated through them, clicked addnewrec button. form navigated new record without issues. able click addnewrec button directly after
Read more

javascript - jQuery .height() return 0 when visible but non-0 when hidden -

i have problem here right opposite others: in jquery cannot height of element when it's visible, when hidden. have html code: <div id="filtering-filter-holder"> <div id="filtering-filter-holder-inner"></div> </div> basic css it: #filtering-filter-holder { display: none; position: absolute; width: 420px; min-height: 100px; padding: 5px 5px 5px 5px; background-color: #ffffff; border: 1px solid #164372; } and finally, js in document.ready(): $('div.filtering-filter-headline').mouseenter(function() { var el = $(this).parent().find('div.filtering-filter-content'); if ($('div#filtering-filter-holder').is(':visible')) { $('div#filtering-filter-holder-inner').stop(true, true).fadeout(300, function() { $('div#filtering-filter-holder-inner').html($(el).html()); var height = $('div#filtering-filter-holder-inner&#
Read more