Thursday, June 20, 2013
MySQL and SQL Column Truncation Vulnerabilities
Developers :-) morning... and hackers (we know you didn't sleep, so... sup)
Heard of MySQL and SQL Column Truncation Vulnerabilities? No?
OK, so... it's a simple misconfiguration that bites when developers don't check the size of the data they accept in their code, e.g.
$submitted_data = null;
// $uname is passed to both calls as submitted, with no length check here
if (isPswdCorrect($uname, $pswd)) {
    $submitted_data = getUserDataByLogin($uname);
    ...
}
This gives us/a hacker the chance to create another admin/user with the same privileges as a known user but with a different password...
That is, if I log in as :admin x: instead of :admin: it will still work, with the different password that I created for :admin x: (without the ::).
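The weak server setting next to the corrected one, as an added example that is not from the original post. The `users_demo` table, its 10-character column and every value are constructed, and it assumes a MySQL column with a PAD SPACE collation, where trailing spaces are ignored when strings are compared.

```sql
-- Added example: table, column width and values are constructed.
-- Assumption: the column uses a PAD SPACE collation (latin1_swedish_ci here),
-- so trailing spaces are ignored when two strings are compared.
DROP TABLE IF EXISTS users_demo;
CREATE TABLE users_demo (
    id       INT AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(10) CHARACTER SET latin1 COLLATE latin1_swedish_ci NOT NULL,
    pw_hash  VARCHAR(64) NOT NULL
);

-- Weak setting: with no strict flag in sql_mode, a value longer than the
-- column is cut to fit and the server only raises a warning.
SET SESSION sql_mode = '';
INSERT INTO users_demo (username, pw_hash) VALUES ('admin', 'constructed-hash-1');
-- 'admin' + 5 spaces + 'x' is 11 characters; only the first 10 are stored.
INSERT INTO users_demo (username, pw_hash) VALUES ('admin     x', 'constructed-hash-2');
SHOW WARNINGS;

-- Audit: user names that collide once trailing spaces are ignored.
SELECT RTRIM(username) AS canonical_name, COUNT(*) AS n_rows
FROM users_demo
GROUP BY RTRIM(username)
HAVING COUNT(*) > 1;

-- Corrected setting: remove the colliding row, turn on strict mode so
-- over-long values are rejected, and let the schema enforce uniqueness.
DELETE FROM users_demo WHERE pw_hash = 'constructed-hash-2';
SET SESSION sql_mode = 'STRICT_ALL_TABLES';
ALTER TABLE users_demo ADD UNIQUE KEY uq_username (username);

-- Both inserts below are expected to be rejected: the first value is too
-- long for the column, the second collides with 'admin' under the unique key.
INSERT INTO users_demo (username, pw_hash) VALUES ('admin     x', 'constructed-hash-3');
INSERT INTO users_demo (username, pw_hash) VALUES ('admin     ', 'constructed-hash-4');
```

Run the last two statements one at a time: the mysql client stops a script at the first error unless it is started with `--force`.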
happy security information :P
P.S video coming up soon....
ARCHIVED
:) No longer posting, all articles should be treated as archived and outdated