SQL Injection
I've not quite into sql injection yet. Only some simple ones like form injection and injection by link.
regarding form injection: What if quotes are sanitized with backslashes? I always hav that problem. Im stuck.
Use some type of encoding on them (URL, Hex, Dec, etc).
http://www.thespanner.co.uk/ has some great tools and examples.
If they're sanitized at the browser (silly developers) via javascript or silimar then:
1) Use TamperData or similar to submit the values.
2) Save the page, insert fully qualified URIs and edit the javascript to your liking or disable it complete.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
Its not sanatized thru browser. I've tried disabling javascripts that validates the form but it wont work..long2 time ago.
Thnx for the link!
Never thought of encoding the characters before. thnx for the ideas.
Looks like I need to learn more abt sql b4 attempting any injectios. Hmms...
Cake, you might wanna checkout:
http://books.slashdot.org/article.pl.../11/21/1521241
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
Hmm..cool! thnx for the link again. Mayb ill think of buying it. or ill think ill just google for tutorials..its free.
Posting Permissions
