Thursday, June 20, 2013

MySQL and SQL Column Truncation Vulnerabilities

Developers :-) morning.... and hackers (we know u dint sleep so ...sup)

heard of MySQL and SQL Column Truncation Vulnerabilities?...No?

ok so ..... its when a simple misconfiguration happens when developers dont escape data size options in coding e.g
$submitted_data = null;
if (isPswdCorrect($uame, $pswd)) {
$submitted_data = getUserDataByLogin($uname);

this gives us/a hacker chance to create another admin/user with the same privillages as a known user but with a diff password...

that is if i login as :admin x: instead of :admin: it will still work with a diffrent password that i would have created as :admin x: (without the ::)
happy security information :P

P.S video coming up soon....

No comments:

Post a Comment

Container [docker] <----> Host <----VPN--->cloudThingy

I restarted my HITB (Hack In The  Box) tutorage , they are pretty good , check them out for offensive labs (they have about 20 free ones) an...