
Advanced SQL Injection

Ok, here’s a great blog post by Chris Shiflett about a crazy-creative SQL injection technique: http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string Very cool. His technique relies on tricking addslashes into breaking up a two-byte character with a backslash, creating a valid two-byte character followed by a valid one-byte character. He mentions that this (specific attack) is impossible with UTF-8 because all two (or more) byte characters have continuation bytes that start with 0b10.…
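To make the encoding argument concrete, here is an added Python sketch (not code from this post or from Shiflett's) that escapes bytes the way a charset-unaware escaper does and then decodes them as the database connection would. `addslashes_bytes` is a hypothetical model of PHP's `addslashes`, and GBK with the bytes `0xBF 0x27` is an assumed example of a multi-byte encoding whose trail bytes may equal `0x5C`.

```python
# Added illustration, not code from the original post.
# addslashes_bytes() is a hypothetical model of PHP addslashes(): it escapes
# byte by byte, unaware of the charset the database will decode with.

def addslashes_bytes(data: bytes) -> bytes:
    out = bytearray()
    for b in data:
        if b == 0x00:
            out += b"\\0"          # NUL becomes backslash + "0"
            continue
        if b in b"'\"\\":
            out.append(0x5C)       # prefix quote/backslash with a backslash
        out.append(b)
    return bytes(out)


def has_unescaped_quote(text: str) -> bool:
    """True if a single quote survives that is not preceded by a backslash."""
    i = 0
    while i < len(text):
        if text[i] == "\\":
            i += 2                 # a backslash consumes the next character
            continue
        if text[i] == "'":
            return True
        i += 1
    return False


def check(raw: bytes, encoding: str) -> bool:
    """Escape raw bytes, decode as the server would, report a surviving quote."""
    decoded = addslashes_bytes(raw).decode(encoding, errors="replace")
    return has_unescaped_quote(decoded)


# Constructed inputs (assumptions for illustration):
GBK_INPUT = b"\xbf'"    # 0xBF is a GBK lead byte; 0x5C is a valid GBK trail byte
UTF8_INPUT = b"\xc3'"   # 0xC3 is a UTF-8 lead byte; next byte must be 0b10xxxxxx

if __name__ == "__main__":
    print("gbk   quote survives:", check(GBK_INPUT, "gbk"))     # 0xBF5C absorbs the backslash
    print("utf-8 quote survives:", check(UTF8_INPUT, "utf-8"))  # 0x5C cannot be a continuation byte
    print("0x5C is a continuation byte:", 0x5C & 0xC0 == 0x80)
```

The escaper's output is identical in both cases; only the decoding charset changes whether the quote stays escaped, which is why charset-aware escaping or parameterized queries are the fix.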
