Penetration Testing mailing list archives
Re: any sql injection bypass on filters?
From: The Dead <th3d34d () gmail com>
Date: Wed, 22 Sep 2010 18:46:51 -0300
Hi Jacky, If you send for example a common string, the application with filter it? Sample: ASC, (case when (2=2) then foo else bar end) If the application fail to filter it probably you will got an error like: Unknow column 'foo'.... Try it! On Wed, Sep 22, 2010 at 5:35 PM, Jacky Jack <jacksonsmth698 () gmail com> wrote:
Hi I'm currently on a php web application page which issues an error message when submitting invalid value for "sort" parameter. But the application accepts only a-zA-Z for this parameter. I've tried to bypass it by char(), hex(). If I change its parameter value to a value other than "ASC", "DESC", the application issues a generic sql error starting with "You have an error in your SQL syntax". So, in this situation, can the application still be assumed as vulnerable to sql injection? Thank you. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- any sql injection bypass on filters? Jacky Jack (Sep 22)
- Re: any sql injection bypass on filters? The Dead (Sep 22)
- Re: any sql injection bypass on filters? Speedy (Sep 23)
- Re: any sql injection bypass on filters? Jacky Jack (Sep 23)
- Re: any sql injection bypass on filters? Dan Crowley (Sep 23)
- Re: any sql injection bypass on filters? Speedy (Sep 23)
- Re: any sql injection bypass on filters? Joe Peters (Sep 23)
- Re: any sql injection bypass on filters? Jacky Jack (Sep 23)
- Re: any sql injection bypass on filters? Joe Peters (Sep 23)
- Re: any sql injection bypass on filters? Jacky Jack (Sep 23)
- Re: any sql injection bypass on filters? The Dead (Sep 22)