> regardless all the possible ways and arguments,
> is there an actual way to bypass Magic Quotes?
> CHAR doesnt work, also %% doesnt work
> i.e.
> INTO OUTFILE 'D:/www/zin.php'
> would be
> INTO OUTFILE CHAR(39,68,58,47,199,199,199,47,122,105,110,46,112,104,112,39);
> and will not work
>
> any proven ideas?
The simplest answer I have for you is that bypassing magic quotes can be
done in some situations, but it largely depends on the following:
1. Which database backend you're using.
2. Where in a query you're attempting to inject, and what you're trying
to inject.
In your case, I don't believe what you're doing can be made to work on
MySQL. However, instead of going for the gold (writing a file for
remote execution), you accept the silver (do a UNION on other tables
with sensitive info), you can probably bypass it.
tim
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
|