[ubuntu-hardened] ubuntu 8.04 default PHP install

Dan Guido dguido at gmail.com
Thu Sep 18 03:04:12 BST 2008

Hi list,

Does Ubuntu package PHP in such a way that simple tick marks used in
sql injection attacks are automatically escaped? I see that you
patched PHP with the hardened-php patch and included the Suhosin
module, however, I was unaware they had any such functionality.

I'm trying to make an example SQL injection for a class and the script
I have is *clearly* vulnerable however the parameters are still being


Dan Guido

More information about the ubuntu-hardened mailing list