PHP - SQL injection in Oracle with sanitized input
I'm looking at some old PHP code, trying to figure out if it's vulnerable to SQL injection. My boss believes it's safe, but I'm hesitant to accept that. It's using an Oracle DB.
It's old code, and the query is being built via string concatenation (sprintf). However, the user input string has hyphens and spaces removed (via str_replace), and addslashes() is called on it. Is there still a threat of attack in this case? Can anyone give an example?
Since this code was written we have moved to using parametrized queries, and ideally I would update it to that, but I'm trying to prove the need to do so.
There are examples of how to inject an attack using addslashes here:
- Examples of SQL injections through addslashes()?
- http://hakipedia.com/index.php/sql_injection#filter_bypassing
- What does mysql_real_escape_string() do that addslashes() doesn't?
- http://www.itshacked.com/344/bypassing-php-security-addslashes-while-sql-injection-attacks-is-possible.html
- Is PHP's addslashes vulnerable to SQL injection attack?
If that little lot does not convince your boss, maybe set it up on a test server and create a PoC injection against the code, using what is explained in the above links, to give a demonstration of an attack. Drop tables is quite dramatic, as is tricking the script into spewing out DB contents onto the page.
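An added example, not part of the original question or answer: it applies the sanitising steps the question describes to an ordinary surname, shows where Oracle's quoting rules (a quote is escaped by doubling it, a backslash is a plain character) end the string literal, and gives the bind-variable form for comparison. The table `users`, the column `last_name` and all function names are hypothetical; `find_user()` assumes the OCI8 extension and an open connection.

```php
<?php
// Added example; users, last_name and the function names are hypothetical.

// The sanitising steps the question describes: strip hyphens and spaces, then addslashes().
function legacy_sanitize(string $input): string
{
    return addslashes(str_replace(['-', ' '], '', $input));
}

// Scan an Oracle text literal whose opening quote is at $start and return the
// offset of its closing quote. Oracle escapes a quote by doubling it ('');
// a backslash is an ordinary character inside the literal.
function oracle_literal_end(string $sql, int $start): int
{
    $n = strlen($sql);
    for ($i = $start + 1; $i < $n; $i++) {
        if ($sql[$i] !== "'") {
            continue;
        }
        if ($i + 1 < $n && $sql[$i + 1] === "'") {
            $i++;        // doubled quote: still inside the literal
            continue;
        }
        return $i;       // lone quote: the literal ends here
    }
    return -1;           // unterminated literal
}

// Constructed sample input: an ordinary surname containing an apostrophe.
$name = "O'Brien";
$sql  = sprintf("SELECT id FROM users WHERE last_name = '%s'", legacy_sanitize($name));
$open = strpos($sql, "'");
$end  = oracle_literal_end($sql, $open);

echo $sql, PHP_EOL;
echo "literal seen by Oracle: ", substr($sql, $open, $end - $open + 1), PHP_EOL;
echo "text left outside it:   ", substr($sql, $end + 1), PHP_EOL;

// Parameterised form: the value travels as a bind variable, never as SQL text.
function find_user($conn, string $name)
{
    $stmt = oci_parse($conn, 'SELECT id FROM users WHERE last_name = :last_name');
    oci_bind_by_name($stmt, ':last_name', $name);
    oci_execute($stmt);
    return oci_fetch_assoc($stmt);
}
```

Whatever follows the apostrophe in the input ends up outside the literal and is parsed as SQL text, which is the case the bind variable removes.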