WebApp Sec mailing list archives
Is this expoitable via sql injection?
From: Nils Gundelach <nils () darktec org>
Date: Tue, 11 Jan 2005 15:21:11 +0100
Hi, i get the following error if i use foo"bar as username on a friends page:You have an error in your SQL syntax near 'bar$" AND `password` = '5f4dcc3b5aa765d61d8327deb882cf99'' at line 3] ( 1064 : You have an error in your SQL syntax near 'bar$" AND `password` = '5f4dcc3b5aa765d61d8327deb882cf99'' at line 3 )
foo'bar does nothing. The password field is immune to injects with double quotes.
I think it is not exploitable, but i'm not an sql expert. Regards, Nils
Current thread:
- Is this expoitable via sql injection? Nils Gundelach (Jan 14)
- Re: Is this expoitable via sql injection? Rogan Dawes (Jan 15)
- Re: Is this expoitable via sql injection? Nils Gundelach (Jan 16)
- Exploits from command line? Benjamin Livshits (Jan 19)
- Re: Exploits from command line? Antoine Martin (Jan 23)
- Re: Is this expoitable via sql injection? Nils Gundelach (Jan 16)
- Re: Is this expoitable via sql injection? Rogan Dawes (Jan 15)