Penetration Testing mailing list archives
bypass input filter (SQL Injection / XSS)
From: "Rick Zhong" <sagiko () gmail com>
Date: Tue, 22 Aug 2006 23:37:40 +0800
Hi, Are there any SQL injection or XSS techniques to bypass server-side input validation which filter special characters including \ ' " ( ) < > = I also noticed that @ is allowed, but on a Oracle server? Can @ cause any harm? regards, Rick ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php ------------------------------------------------------------------------
Current thread:
- bypass input filter (SQL Injection / XSS) Rick Zhong (Aug 22)