I'm evaluating PHP/MySQL code and I found a problem in the following code:
<?php
$query="
SELECT *
FROM table1 m JOIN table2 t
$condition
ORDER BY m.field1, t.field2
";
$db->query($query);
?>
I'm able to inject everything I want into $condition, but I can't manage to
make the ORDER clause be ignored (using -- /* ...), which leads to an SQL
error.
I'm sure it's quite stupid but I have to admit that I'm stuck ...
Do you have an idea?
Best,
Alex
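A hardened form of the query construction shown in the post, as an added example that is not part of the original message or of the application under review: the condition is assembled from an allow-list of columns and bound parameters, so request data never becomes SQL text. The filter keys, the PDO connection and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
// Added example. Table and field names follow the post; the filter keys and
// the SQLite in-memory database (standing in for MySQL) are assumptions.

// Allow-list: request key => fixed SQL column. Input can only select an
// entry here or be bound as a value; it is never concatenated into the query.
const FILTERS = [
    'field1' => 'm.field1',
    'field2' => 't.field2',
];

function buildQuery(array $input): array
{
    $where = [];
    $params = [];
    foreach ($input as $key => $value) {
        if (!array_key_exists($key, FILTERS) || !is_scalar($value)) {
            throw new InvalidArgumentException('unsupported filter: ' . $key);
        }
        $where[] = FILTERS[$key] . ' = ?';   // column text comes from the allow-list
        $params[] = $value;                  // value travels as a bound parameter
    }
    $sql = 'SELECT * FROM table1 m JOIN table2 t'
         . ($where ? ' WHERE ' . implode(' AND ', $where) : '')
         . ' ORDER BY m.field1, t.field2';
    return [$sql, $params];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE table1 (field1 TEXT)');
$db->exec('CREATE TABLE table2 (field2 TEXT)');
$db->exec("INSERT INTO table1 VALUES ('a'), ('b')");
$db->exec("INSERT INTO table2 VALUES ('x')");

// Constructed inputs: a normal filter, a value containing SQL syntax
// (matched as a literal string), and a key that is not on the allow-list.
$inputs = [['field1' => 'a'], ['field1' => "a' OR 'b"], ['1=1 OR field1' => 'a']];
foreach ($inputs as $input) {
    try {
        [$sql, $params] = buildQuery($input);
        $stmt = $db->prepare($sql);
        $stmt->execute($params);
        printf("%d row(s) for %s\n", count($stmt->fetchAll(PDO::FETCH_ASSOC)), json_encode($input));
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```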