Penetration Testing mailing list archives

bypass input filter (SQL Injection / XSS)


From: "Rick Zhong" <sagiko () gmail com>
Date: Tue, 22 Aug 2006 23:37:40 +0800

Hi,
Are there any SQL injection or XSS techniques to bypass server-side
input validation which filters special characters including \ ' " ( )
< > =

I also noticed that @ is allowed. But on an Oracle server, can @ cause any harm?

regards,
Rick
