Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: any sql injection bypass on filters?

From: The Dead <th3d34d () gmail com>
Date: Wed, 22 Sep 2010 18:46:51 -0300
Hi Jacky,

If you send for example a common string, the application with filter it?

Sample: ASC, (case when (2=2) then foo else bar end)

If the application fail to filter it probably you will got an error like:

Unknow column 'foo'....

Try it!

On Wed, Sep 22, 2010 at 5:35 PM, Jacky Jack <jacksonsmth698 () gmail com> wrote:

Hi

I'm currently on a php web application page which issues an error
message when submitting invalid value for "sort" parameter.
But the application  accepts only a-zA-Z for this parameter. I've
tried to bypass it by char(), hex().
If I change its parameter value to a value other than "ASC", "DESC",
the application issues a generic sql error starting with "You have an
error in your SQL syntax".

So, in this situation, can the application still be assumed as
vulnerable to sql injection?

Thank you.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------




------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: