Penetration Testing mailing list archives
Re: How to evade white spaces in a SQL injection
From: Falcifer <falcifer2001 () yahoo es>
Date: Fri, 26 Mar 2004 01:34:58 +0100
Sorry, but I don't understand it. Can you explain it a bit more?

Suppose that the original query is:

select * from users where useid=&my_user_without_spaces and password=&password

where &my_user_without_spaces and &password were the inputs submitted by the webform, but both vars without spaces.

Thanks

On Thu, 25-03-2004 at 18:13, Jeff Bryner wrote:
> --- Falcifer <falcifer2001 () yahoo es> wrote:
> > Hi, I've one application coded on asp with a login form and the only character that it validates is the white space. Can I perform a sql injection on it? How?
>
> SQL is nice enough to do some automatic parsing for you..so select''+@@version will work. Of course if the validation is client side, just bypass it.
>
> =====
> Jeff
> -----------------------
> You... you can't dump me! I'm using your name for all my passwords! What exactly am I supposed to do about that!? - Justin Simoni
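
Added example, not part of either post: the point made in the quoted reply (the SQL parser does not need white space between tokens) shown as a regression check for a login query, with the concatenated form beside a parameterized one. It assumes SQLite in place of the application's database, a quoted-string version of the query above, and constructed table contents; the function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data. Plaintext passwords mirror the query in the
    # post; password hashing is outside what this example shows.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (userid TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def has_whitespace(value):
    return any(ch.isspace() for ch in value)

def login_concat(db, userid, password):
    """'Before' form: white space is the only check, SQL is concatenated."""
    if has_whitespace(userid) or has_whitespace(password):
        return False
    sql = ("SELECT * FROM users WHERE userid='" + userid +
           "' AND password='" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_param(db, userid, password):
    """Hardened form: inputs are bound as values and never parsed as SQL."""
    sql = "SELECT * FROM users WHERE userid=? AND password=?"
    return db.execute(sql, (userid, password)).fetchone() is not None

# Constructed test input with no white space. The parser still splits it
# into tokens, so the concatenated WHERE clause gains an always-true OR.
NO_SPACE_INPUT = "'OR'1'='1"

def run_checks():
    db = make_db()
    return {
        "concat_valid_login": login_concat(db, "alice", "s3cret"),
        "concat_wrong_password": login_concat(db, "alice", "wrong"),
        "concat_no_space_input": login_concat(db, "alice", NO_SPACE_INPUT),
        "param_valid_login": login_param(db, "alice", "s3cret"),
        "param_no_space_input": login_param(db, "alice", NO_SPACE_INPUT),
    }

if __name__ == "__main__":
    for name, result in run_checks().items():
        print(f"{name}: {result}")
```

The white-space filter leaves the concatenated form open, while the parameterized form compares the same input as a literal password and rejects it.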