Penetration Testing mailing list archives
SQL injection in search field
From: Juan B <juanbabi () yahoo com>
Date: Fri, 5 Dec 2008 07:49:48 -0800 (PST)
Hi Dear Friends,

I am doing a pen test of web apps for a client. I use the Acunetix web apps scanner; now the scanner tells me the client has an SQL injection issue in a search field on his site. I'm looking for ways to exploit this issue to reveal all the data or to inject data or something similar. The thing is that I can't see a way to do that, and I'm not sure it's worth the time because, well, what can a search form reveal? Just all the data that it should reveal in the first place, right? It's not a usual SQL injection since I don't have any authentication method that I should bypass.

I did issue a search for " ` " and it tells me that it didn't find any words containing this word, the same for `ADMIN' or '1' = '1

Any ideas how to continue?

Thanks a lot!
J