However, even with outdated code and older versions of the server, this vulnerability can only be launched if the character set of the database connection is changed from single-byte, such as Latin-1, to multi-byte, which allows using the value 0x5c (ASCII) in the second or later byte of a multibyte character.
In particular, UTF-8 does not allow this, unlike older Asian encodings such as GBK and SJIS. Therefore, if your application does not change the character set of the connection or changes it only to UTF-8 or single-byte, such as Latin-n, you can be safe from this exploit.
But itβs best to use the latest version of the server, use the right interface for changing character sets, and use prepared queries so you donβt forget to avoid things.
LHMathies Mar 13 '11 at 12:01 2011-03-13 12:01
source share