M, Paul didn't do a write up on this as yet, I have to look in my notes I believe I wrote it down while Paul was giving the example since I tested it myself at the CTF and it worked.
If I don't find I am sure in a week or so Paul will have the write up! ------Original Message------ From: [email protected] Sender: [email protected] To: PaulDotCom Security Weekly Mailing List ReplyTo: PaulDotCom Security Weekly Mailing List Sent: Jul 29, 2009 4:48 AM Subject: [Pauldotcom] Episode 161 SQL Exploit? Hi all, I've just finished listening to Ep. 161 and Paul talked about an SQL statement that he had used as part of the CTF last week that created a PHP script on the fly and executed ShellCmds on a server. I'd be v. interested in seeing this to try and prevent it from happening on my systems but I can't find it in the show notes. Anyone got any ideas as to where I can find this? Thanks, M. _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com Sent from my Verizon Wireless BlackBerry _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
