Sql injection in search filed

[Juan B <juanbabi () yahoo com>]

> Hi Dear Friends,
>
> I am doing a pen test of web apps for a client, I use A
> Acunetix web apps scanner, now the scanner tells mi the
> client has an SQL injection issue in a search field in his
> site. im looking for ways to exploit this issue to reveal
> all the data or to inject data or something similar, the
> thing is that I cant see a way to doa that and Im not sure
> Its worth the time cause,well what a search form can reveal?
> just all the data that it was should reveal in the firest
> place right? its not a usual sql injection since I dont have
> any authentincation method that I should bypass. I did issue
> a search for " ` " and it tells me that it didnt
> find any words contaning this word, the same for `ADMIN'
> or '1' = '1 any ideas how to continue?
>
> thanks a lot !
>
> J


      

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------