Thread: SQL Injection

  1. #1
    Junior Member
    Join Date
    Nov 2007
    Posts
    42

    SQL Injection

    I'm not quite into SQL injection yet. Only some simple ones like form injection and injection by link.

    Regarding form injection: What if quotes are sanitized with backslashes? I always have that problem. I'm stuck.

  2. #2
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Use some type of encoding on them (URL, Hex, Dec, etc).
    http://www.thespanner.co.uk/ has some great tools and examples.

    If they're sanitized at the browser (silly developers) via JavaScript or similar then:
    1) Use TamperData or similar to submit the values.
    2) Save the page, insert fully qualified URIs and edit the JavaScript to your liking or disable it completely.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
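
The server-side view of the two points raised above (backslash-escaped quotes, and values arriving in an encoded form), as an added example that is not part of the original thread: it compares splicing an escaped value into the SQL text with binding it as a parameter. The table, the names and the `handle_request` helper are assumptions made for the illustration, and SQLite stands in for the database; SQLite string literals follow standard SQL, where a quote is escaped by doubling it and a backslash has no special meaning.

```python
import sqlite3
from urllib.parse import unquote


def make_db():
    # Constructed sample data for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("alice",), ("O'Brien",)])
    return db


def find_escaped(db, name):
    """Fragile: backslash-escape quotes, then splice the value into the SQL text."""
    escaped = name.replace("\\", "\\\\").replace("'", "\\'")
    sql = "SELECT id FROM users WHERE name = '" + escaped + "'"
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        # The escaped quote still ends the literal, so the statement is malformed.
        return "error: " + type(exc).__name__


def find_bound(db, name):
    """Robust: the value is bound as a parameter and is never parsed as SQL."""
    rows = db.execute("SELECT id FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def handle_request(db, raw_field):
    """Server side: undo the transport encoding exactly once, then bind the value."""
    return find_bound(db, unquote(raw_field))
```

With a bound parameter the legitimate name `O'Brien` is found whether it arrives raw or URL-encoded, and a doubly encoded value simply fails to match, while the escaping version breaks on the same legitimate name.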

  3. #3
    Junior Member
    Join Date
    Nov 2007
    Posts
    42

    It's not sanitized through the browser. I've tried disabling the JavaScript that validates the form but it won't work... a long, long time ago.

    Thanks for the link!

    Never thought of encoding the characters before. Thanks for the ideas.
    Looks like I need to learn more about SQL before attempting any injections. Hmm...

  4. #4
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

  5. #5
    Junior Member
    Join Date
    Nov 2007
    Posts
    42

    Hmm... cool! Thanks for the link again. Maybe I'll think of buying it. Or I think I'll just google for tutorials... it's free.
