Comments on: Mysql_escape_string: the charset vulnerability https://www.gosecure.it/blog/art/483/sec/mysql_escape_string-the-charset-vulnerability/ MyDear(root)Shell Fri, 25 May 2018 13:43:21 +0000 hourly 1 https://wordpress.org/?v=5.6 By: jiachen https://www.gosecure.it/blog/art/483/sec/mysql_escape_string-the-charset-vulnerability/#comment-30153 Fri, 25 May 2018 13:43:21 +0000 https://www.gosecure.it/blog/?p=483#comment-30153 nice osce codes hahahahah

]]> By: carlos https://www.gosecure.it/blog/art/483/sec/mysql_escape_string-the-charset-vulnerability/#comment-20188 Mon, 28 Sep 2015 23:22:35 +0000 https://www.gosecure.it/blog/?p=483#comment-20188 I’m trying to play your example. But in both cases’ it is escaped. I find the way to introduce SQL injection. If I force the conezion to GBK if it works, but not how to force this without changing the file

]]> By: php doesn´t interpret my hex characters as hex | DL-UAT https://www.gosecure.it/blog/art/483/sec/mysql_escape_string-the-charset-vulnerability/#comment-13401 Sat, 30 May 2015 00:52:52 +0000 https://www.gosecure.it/blog/?p=483#comment-13401 […] Username and password are escaped before they are used in the querystr above. This means any apastroph(single quote) is escaped as well. I found a blog describing this very issue here: mysql_escape_string-the-charset-vulnerability. […]

]]>