Penetration Testing mailing list archives
Re: how to exploit SQL INJECTION?
From: Christian Martorella <laramies2k () yahoo com ar>
Date: Wed, 22 Jun 2005 05:56:02 -0300 (ART)
Hi Pablo, you can get a copy of ISSAF (Information Systems Security Assessment Framework), it has a chapter called "Web Application Security (Sql Injection)" where you can find a comprehensive step by step howto for testing Sql injection in webapps. The ISSAF page: http://www.oissg.org/content/view/71/71/ It worth the read if you don't know the ISSAF yet. Cheers! Christian Martorella OISSG Barcelona Chapter --- Pablo Escobar <slackware77 () gmail com> escribió:
Hello people, I made in my network website server with SQL with vulnerabilities to learn how to exploit it, I searched in google and i tried but dont work, the report of the nessus is: The following URLs seem to be vulnerable to various SQL injection techniques : /resources/expand_subject.asp?id='UNION' /resources/expand_subject.asp?id='UNION' /resources/expand_subject.asp?id='UNION' /resources/expand_subject.asp?id=' /resources/expand_subject.asp?id=' /resources/expand_subject.asp?id=' /resources/expand_subject.asp?id='%22 /resources/expand_subject.asp?id='%22 /resources/expand_subject.asp?id='%22 /resources/expand_subject.asp?id=9%2c+9%2c+9 /resources/expand_subject.asp?id=9%2c+9%2c+9 /resources/expand_subject.asp?id=9%2c+9%2c+9 /resources/expand_subject.asp?id='bad_bad_value /resources/expand_subject.asp?id='bad_bad_value /resources/expand_subject.asp?id='bad_bad_value /resources/expand_subject.asp?id=bad_bad_value' /resources/expand_subject.asp?id=bad_bad_value' /resources/expand_subject.asp?id=bad_bad_value' /resources/expand_subject.asp?id='+OR+' /resources/expand_subject.asp?id='+OR+' /resources/expand_subject.asp?id='+OR+' /resources/expand_subject.asp?id='WHERE /resources/expand_subject.asp?id='WHERE /resources/expand_subject.asp?id='WHERE /resources/expand_subject.asp?id=%3B /resources/expand_subject.asp?id=%3B /resources/expand_subject.asp?id=%3B /resources/expand_subject.asp?id='OR /resources/expand_subject.asp?id='OR /resources/expand_subject.asp?id='OR /resources/expand_subject.asp?id=' or 1=1-- /resources/expand_subject.asp?id=' or 1=1-- /resources/expand_subject.asp?id=' or 1=1-- /resources/expand_subject.asp?id= or 1=1-- /resources/expand_subject.asp?id= or 1=1-- /resources/expand_subject.asp?id= or 1=1-- /resources/expand_subject.asp?id=' or 'a'='a /resources/expand_subject.asp?id=' or 'a'='a /resources/expand_subject.asp?id=' or 'a'='a /resources/expand_subject.asp?id=') or ('a'='a /resources/expand_subject.asp?id=') or ('a'='a /resources/expand_subject.asp?id=') or ('a'='a now,how can I exploit it?,somebody can guide me plz?,thank u very much,good luck.
___________________________________________________________ 1GB gratis, Antivirus y Antispam Correo Yahoo!, el mejor correo web del mundo http://correo.yahoo.com.ar
Current thread:
- how to exploit SQL INJECTION? Pablo Escobar (Jun 21)
- Re: how to exploit SQL INJECTION? David Eduardo Acosta Rodríguez (Jun 21)
- RE: how to exploit SQL INJECTION? Victor Chapela (Jun 21)
- Re: how to exploit SQL INJECTION? Steve Friedl (Jun 21)
- Re: how to exploit SQL INJECTION? Pablo Fernández (Jun 21)
- Re: how to exploit SQL INJECTION? Sugiowono (Jun 21)
- RE: how to exploit SQL INJECTION? Leandro Reox (Jun 21)
- Re: how to exploit SQL INJECTION? Christian Martorella (Jun 22)
- <Possible follow-ups>
- Re: how to exploit SQL INJECTION? kashmira . phalak (Jun 21)