|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 68
Members: 0
Total: 68
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Tirim |
|
Replies: 1 |
Views: 7122 |
|
|
|
|
|
|
Suppose you are in a situation where you're injecting into linked servers. Is there any way to return details about the connection properties?
The IP address of the server for example?
|
|
|
|
Tirim |
|
Replies: 3 |
Views: 9411 |
|
|
|
|
|
|
'; UP/**/DATE SomeTable SET Password ='blah' where 1=1--
The above example will evade the sanitization methods you use, because /**/ is treated as a comment, breaking the 'UPDATE' statement into fr ... |
|
|
Page 1 of 1 |
All times are GMT |
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|