HomeForumsBugs
 Database Security. Database Auditing. Database Caching. Database Masking. Get it now

again bypassed

Posted December 10th, 2008 by Reiners
in

Hi,
thanks for the credits :)

new bypass:
user: 1'+1<~-'3
pass: '-1)<('1

remember that the flexible mysql syntax allows all kinds of modifications like adding new mathematical operators:

user: 1'- + -1 <~ - '3
pass: ' - + - 1)- +1 < ~ ('1

But not only numbers and whitespaces, also functions like "1+char(32)+2" or vars like "1+@asd+2" or strings/columns like "1+current_user+2", as well as parentheses, operators (SOUNDS LIKE, RLIKE, REGEXP) and so on.

More on this here:
http://websec.wordpress.com/2007/11/11/mysql-syntax/

greetings,
Reiners

‹ greensql-fw[2002]: segfault at db1 ip 00000db1 sp bfb0d1ac error 14 in greensql-fw[8048000+26000] GreenSQL service cannot be started if greensql log file size is > 2GB ›

Comments

Hello Reiners Thanks for

On December 19th, 2008 yuli says:

Hello Reiners

Thanks for reporting. I will fix it ASAP !!!

Yuli

Hi I have just committed

On December 24th, 2008 yuli says:

Hi

I have just committed changes for the bug you reported.

Please check the demo version:

http://demo.greensql.net/login.php

Thanks,
Yuli

Back to top