Penetration Testing mailing list archives
Re: sql injection - missed it at bh/defcon
From: Vadim Berezniker <vadim () berezniker com>
Date: Tue, 07 Aug 2001 20:35:04 -0400
nemo latin wrote:
> All,
> [snip trunc cut]
> Any suggestions ??
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/

Try this for example:

'or''='

This would translate a normal query like

SELECT a,b,c FROM users WHERE username='something' AND password=''or''=''

The second condition in this case will always be true.
The syntax might vary from database to database though.

--
AIM: Kryptolus
BrainLINK Web Development Team [http://www.brainlink.com]
607 Site Design Web Development Team [http://www.607design.com]

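Added example, not part of the original post: the query from the reply above, built once by string concatenation and once with bound parameters, run against an in-memory SQLite database. The table contents and the function names `make_db`, `login_concat` and `login_param` are assumptions made for this illustration.

```python
import sqlite3


def make_db():
    """Build a throwaway in-memory database with one constructed sample row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Constructed sample data; a real system would store a password hash.
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db


def login_concat(db, username, password):
    """Vulnerable form: user input is pasted into the SQL text itself."""
    sql = ("SELECT username FROM users WHERE username='" + username +
           "' AND password='" + password + "'")
    # Quotes in the input are parsed as SQL syntax, not as data.
    return sql, db.execute(sql).fetchall()


def login_param(db, username, password):
    """Hardened form: input is bound as data and never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    value = "'or''='"  # the string quoted in the reply above
    sql, rows = login_concat(db, "something", value)
    print("concatenated SQL :", sql)
    # AND binds tighter than OR, so the WHERE clause reads
    # (username='something' AND password='') OR (''=''), true for every row.
    print("rows (concat)    :", rows)
    print("rows (parameters):", login_param(db, "something", value))
```

With bound parameters the same input is compared literally against the `password` column, so no row matches.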
Current thread:
- sql injection - missed it at bh/defcon nemo latin (Aug 07)
- Re: sql injection - missed it at bh/defcon Vadim Berezniker (Aug 08)