Snort mailing list archives

Re: Generic SQL injection false positives


From: Paul Schmehl <pschmehl_lists () tx rr com>
Date: Mon, 28 Dec 2009 17:53:10 -0600

--On December 28, 2009 4:28:18 PM -0600 Graham Bignell <bignell () gmail com> wrote:


> On Mon, Dec 28, 2009 at 5:15 PM, Guise McAllaster
> <guise.mcallaster () gmail com> wrote:
>> From what I've seen, some SQLi will work using "/**/" instead of
>> spaces.  Other bypasses are possible as well I think.  Others want to
>> contribute some useful bypasses to spaces?
>
> "+"

+update?  Or + update?

Or are you referring to %20+update+whatever?

If so, the + sign is removed during normalization.

> "%20"

This is a space, which will be converted to a space by the normalization 
process.

Paul Schmehl, If it isn't already
obvious, my opinions are my own
and not those of my employer.
******************************************
WARNING: Check the headers before replying
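
The detection-side point of the exchange above, as an added example (not code from this thread or from Snort): a generic SQL keyword check only holds if every stand-in for a space ("/**/", "+", "%20") is folded to a real space before matching. The function names, the UPDATE ... SET pattern and the sample strings are constructed for illustration, and the normalization is a simplified model, not Snort's own preprocessor.

```python
import re
from urllib.parse import unquote_plus

# Inline SQL comments such as /**/ separate tokens just like whitespace does.
_SQL_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)
_WHITESPACE = re.compile(r"\s+")
# Hypothetical generic signature: UPDATE <table> SET, real whitespace between tokens.
_UPDATE_SET = re.compile(r"\bupdate\s+[\w.]+\s+set\b", re.IGNORECASE)


def normalize_query(raw: str) -> str:
    """Fold the space substitutes discussed in the thread into single spaces."""
    # Decode first, so an encoded comment (%2f**%2f) is visible to the next step.
    text = unquote_plus(raw)            # %20 -> ' ', '+' -> ' ', %0a -> '\n'
    text = _SQL_COMMENT.sub(" ", text)  # /**/ or /*anything*/ -> ' '
    return _WHITESPACE.sub(" ", text).strip()


def matches_raw(raw: str) -> bool:
    """Signature applied to the request as received, without normalization."""
    return bool(_UPDATE_SET.search(raw))


def matches_update_signature(raw: str) -> bool:
    """Signature applied after normalization."""
    return bool(_UPDATE_SET.search(normalize_query(raw)))


# Constructed sample query strings: (raw value, should the signature fire?)
SAMPLES = [
    ("id=1;update/**/users/**/set/**/role=1", True),
    ("id=1;update+users+set+role=1", True),
    ("id=1%3Bupdate%20users%20set%20role%3D1", True),
    ("id=1;update%2f**%2fusers%0aset+role=1", True),
    ("q=software+update+settings", False),  # benign search, must stay quiet
]

if __name__ == "__main__":
    for raw, expected in SAMPLES:
        print(f"raw={matches_raw(raw)!s:5} normalized="
              f"{matches_update_signature(raw)!s:5} expected={expected!s:5} {raw}")
```

Without normalization the pattern misses every one of the constructed malicious samples; with it, all four match while the benign search string still does not.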


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
