i hope this fits here


Post by banon on Tue May 27, 2008 6:19 pm

you know when a site is open for sql injections it will give you like an invalid query message when you test it?

is it possible that the site does that and still has security past that? i know a place that i found is open for sql injections, but i can not seem to form a sql injection that works!

i have even looked through the source code of the open (for attack, that is) software!
i am the eggman, i am the eggman, i am the walrus, goo goo ga choo - john lennon


Re: i hope this fits here

Post by Rijnzael on Wed May 28, 2008 2:48 am

Indeed. The site may very well see that your queries are invalid and not actually pass the query to the SQL server. Or, if it does, it may not have the functionality to give you the results because you caused an error.


Re: i hope this fits here

Post by banon on Wed May 28, 2008 6:19 pm

but it reports my incorrect query, so if it sees that i am trying to abuse it (and stops the attack) and it still reports the error then that is... genius

or i could just suck at sql, and it could be a genuine error.

i hope it is the latter, because i need some sql practice, it is definitely my weakest point. other than server side (telnet/ssh) hacking. do you know anybody/anywhere i can learn some more about sql exploits? and i am not talking basics, i am talking real world shit.


btw: this situation is purely theoretical of course ;)