SQL Column Truncation Vulnerabilities

September 11, 2008

I wonder how many web sites will get affected because of this issue. Stefan Esser has a great write-up here and the WordPress exploit here.

The following may help you understand this issue better:

mysql> create table users (username varchar(10), password varchar(20));
Query OK, 0 rows affected (0.12 sec)

mysql> insert into users values('admin','Passw0rd');
Query OK, 1 row affected (0.02 sec)

mysql> select * from users where username ='admin';
+----------+----------+
| username | password |
+----------+----------+
| admin    | Passw0rd |
+----------+----------+
1 row in set (0.01 sec)

mysql> insert into users values('admin     a','Passw0rd');
Query OK, 1 row affected, 1 warning (0.00 sec)

mysql> select * from users where username ='admin';
+------------+----------+
| username   | password |
+------------+----------+
| admin      | Passw0rd |
| admin      | Passw0rd |
+------------+----------+
2 rows in set (0.00 sec)
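
The second insert above succeeds with only a warning because the server is not running in strict SQL mode, and nothing stops two rows from comparing equal to 'admin'. As an added example (not part of the original post), the statements below show two server-side mitigations for the same schema: strict mode and a unique index on username. The table name users_hardened, the index name and the explicit latin1 character set are assumptions chosen for illustration.

```sql
-- Added example, not from the original post.
-- Assumption: a PAD SPACE collation (latin1_swedish_ci here), which is the
-- comparison behaviour the session above relies on: trailing spaces are
-- ignored when 'admin     ' is compared with 'admin'.

-- 1. Check which SQL mode the session is using. The truncation shown above
--    only happens silently when neither STRICT_ALL_TABLES nor
--    STRICT_TRANS_TABLES is listed.
SELECT @@SESSION.sql_mode;

-- 2. Mitigation one: strict mode. Over-length values are rejected with an
--    error instead of being truncated with a warning.
SET SESSION sql_mode = 'STRICT_ALL_TABLES';

CREATE TABLE users_hardened (
  username VARCHAR(10) NOT NULL,
  password VARCHAR(20) NOT NULL,
  -- Mitigation two: the database itself refuses a second 'admin'.
  UNIQUE KEY uq_username (username)
) CHARACTER SET latin1 COLLATE latin1_swedish_ci;

INSERT INTO users_hardened VALUES ('admin', 'Passw0rd');

-- 11 characters into VARCHAR(10): with strict mode on, this statement
-- fails and no row is written.
INSERT INTO users_hardened VALUES ('admin     a', 'Passw0rd');

-- 3. Defence in depth: drop back to the weak setting from the session above.
--    The value is truncated to 'admin     ' again, but the unique index
--    compares it equal to the existing 'admin' and rejects the duplicate.
SET SESSION sql_mode = '';
INSERT INTO users_hardened VALUES ('admin     a', 'Passw0rd');

-- 4. Verify: exactly one row matches, and its stored length is 5.
SELECT username, CHAR_LENGTH(username) AS stored_len
FROM users_hardened
WHERE username = 'admin';

-- Restore strict mode before doing anything else in this session.
SET SESSION sql_mode = 'STRICT_ALL_TABLES';
```

Application code should still validate the length of the username before it reaches the database, so that the value it checked is the value that gets stored.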
