Good evening all,
I'm in the process of attempting to exploit a SQLi vulnerability detected by the Nessus scanner on a web application I've downloaded. Before getting flamed, I just want to say that I've spent countless hours doing tons of research and studied many training materials but I've never run across this situation. In this particular case, the SQLi vulnerability is actually in the HTTP Headers (Referrer). However, what's weird to me is that a single quote (') is the ONLY thing that triggers a MySQL_num_rows() error. Tried many blind SQLi techniques and even some time-based from learning resources, but it seems like nothing has an effect other than putting a single quote (which only generates a mysql_numrows() error), or even if I add 3, 5, etc.
Any advice on what I'm doing wrong / missing, please let me know. I appreciate any feedback.
Need more information. What are some examples of what you've tried? And what kind of web application? Can you do authentication bypass with the following?:
' or 1=1; #
Along with the tick have you tried various positive & negative clauses? Have you tried different comment constructs? (--, #, /*) What about setting referrer to null or wildcard?
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
Which app? Might be easier if we can see the block of code causing you grief.
Still not underestimating the power...
There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.