[fx.php_list] Re: [OFF] "SQL injection may be possible" ?

From: beverlyvoth <beverlyvoth@xxxxxxxxx>
To: fx.php_list@xxxxxxxxxxxxx
Date: Wed, 28 Mar 2018 11:32:15 -0400

Great info, thanks Chris! I always like to add this to these kinds of
conversations:
* https://imgs.xkcd.com/comics/exploits_of_a_mom.png
Beverly

On Mar 26, 2018, at 4:19 PM, Chris Moyer <cmoyer@xxxxxxxxxxxxxx> wrote:

Steve,
Regarding the referenced Boolean conditions, take a look at this for a more
comprehensive explanation:

https://www.owasp.org/index.php/Blind_SQL_Injection

I am also a bit confused by the feedback that you’ve been given - in what way
were "the page results [] successfully manipulated using the boolean
conditions…”…? A new account was created with undesired credentials? The
screen output an error? The content of the URL was saved in the DB somewhere?

Chris

_____________________________________________________________________
     FX.php Official Web Site -- http://fx.iviking.org/
FX.php Official Mailing List -- //www.freelists.org/list/fx.php_list
     (Subscribe, unsubscribe, and more at the mailing list site!)

                  FX.php_List@xxxxxxxxxxxxxxxx

References:
- [fx.php_list] [OFF] "SQL injection may be possible" ?
  - From: Joel Shapiro
- [fx.php_list] Re: [OFF] "SQL injection may be possible" ?
  - From: Beverly Voth
- [fx.php_list] Re: [OFF] "SQL injection may be possible" ?
  - From: Joel Shapiro
- [fx.php_list] Re: [OFF] "SQL injection may be possible" ?
  - From: Steve Winter
- [fx.php_list] Re: [OFF] "SQL injection may be possible" ?
  - From: Chris Moyer

Other related posts:

» [fx.php_list] [OFF] "SQL injection may be possible" ?- Joel Shapiro
» [fx.php_list] Re: [OFF] "SQL injection may be possible" ?- Beverly Voth
» [fx.php_list] Re: [OFF] "SQL injection may be possible" ?- Joel Shapiro
» [fx.php_list] Re: [OFF] "SQL injection may be possible" ?- Chris Moyer
» [fx.php_list] Re: [OFF] "SQL injection may be possible" ?- Joel Shapiro
» [fx.php_list] Re: [OFF] "SQL injection may be possible" ?- Steve Winter
» [fx.php_list] Re: [OFF] "SQL injection may be possible" ?- beverlyvoth
» [fx.php_list] Re: [OFF] "SQL injection may be possible" ?- Joel Shapiro
» [fx.php_list] Re: [OFF] "SQL injection may be possible" ?- Richard DeShong
» [fx.php_list] Re: [OFF] "SQL injection may be possible" ?- Joel Shapiro
» [fx.php_list] Re: [OFF] "SQL injection may be possible" ?- beverlyvoth
» [fx.php_list] Re: [OFF] "SQL injection may be possible" ?- Richard DeShong
» [fx.php_list] Re: [OFF] "SQL injection may be possible" ?- Chris Moyer
» [fx.php_list] Re: [OFF] "SQL injection may be possible" ? - beverlyvoth
» [fx.php_list] Re: [OFF] "SQL injection may be possible" ?- Joel Shapiro
» [fx.php_list] Re: [OFF] "SQL injection may be possible" ?- Joel Shapiro
» [fx.php_list] Re: [OFF] "SQL injection may be possible" ?- Richard DeShong
» [fx.php_list] Re: [OFF] "SQL injection may be possible" ?- Joel Shapiro
» [fx.php_list] Re: [OFF] "SQL injection may be possible" ?- Chris Hansen
» [fx.php_list] Re: [OFF] "SQL injection may be possible" ?- Joel Shapiro
» [fx.php_list] Re: [OFF] "SQL injection may be possible" ?- beverlyvoth
» [fx.php_list] Re: [OFF] "SQL injection may be possible" ?- Joel Shapiro
» [fx.php_list] Re: [OFF] "SQL injection may be possible" ?- beverlyvoth
» [fx.php_list] Re: [OFF] "SQL injection may be possible" ?- Joel Shapiro
» [fx.php_list] Re: [OFF] "SQL injection may be possible" ?- beverlyvoth