Examples of SQL Injections through addslashes()?

by

Well, here’s the article you want.

Basically, the way the attack works is by getting addslashes() to put a backslash in the middle of a multibyte character such that the backslash loses its meaning by being part of a valid multibyte sequence.

The general caveat from the article:

This type of attack is possible with any character encoding where
there is a valid multi-byte character that ends in 0x5c, because
addslashes() can be tricked into creating a valid multi-byte character
instead of escaping the single quote that follows. UTF-8 does not fit
this description.

More Related Contents:

  1. How can I prevent SQL injection in PHP?
  2. SQL injection that gets around mysql_real_escape_string()
  3. Is htmlspecialchars enough to prevent an SQL injection on a variable enclosed in single quotes?
  4. How can I sanitize user input with PHP?
  5. Are PDO prepared statements sufficient to prevent SQL injection?
  6. Is “mysqli_real_escape_string” enough to avoid SQL injection or other SQL attacks?
  7. Reference: What is a perfect code sample using the MySQL extension? [closed]
  8. The ultimate clean/secure function
  9. Do htmlspecialchars and mysql_real_escape_string keep my PHP code safe from injection?
  10. When should I use prepared statements?
  11. SQL injections in ADOdb and general website security
  12. Best way to defend against mysql injection and cross site scripting
  13. Why is using a mysql prepared statement more secure than using the common escape functions?
  14. how safe are PDO prepared statements
  15. What does mysql_real_escape_string() do that addslashes() doesn’t?
  16. Do I have to use mysql_real_escape_string if I bind parameters?
  17. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘WHERE `id` [closed]
  18. “Keep Me Logged In” – the best approach
  19. SELECT COUNT(*) AS count – How to use this count
  20. Full Secure Image Upload Script
  21. What does it mean to escape a string?
  22. PHP $_SERVER[‘HTTP_HOST’] vs. $_SERVER[‘SERVER_NAME’], am I understanding the man pages correctly?
  23. How to insert multiple rows from a single query using eloquent/fluent
  24. Are mysql_real_escape_string() and mysql_escape_string() sufficient for app security?
  25. How can I relax PHP’s open_basedir restriction?
  26. How to run PHP exec() as root?
  27. CodeIgniter – why use xss_clean
  28. Laravel Eloquent, group by month/year
  29. How to generate unique id in MySQL?
  30. how do I get month from date in mysql

Leave a Comment