|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 118
Members: 0
Total: 118
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
SQL injection in post |
|
Posted: Sun Sep 21, 2008 4:52 am |
|
|
-AO- |
Advanced user |
|
|
Joined: Jul 15, 2008 |
Posts: 205 |
Location: United States |
|
|
|
|
|
|
I'm having problems with sql injection in post method. whenever I insert a
single quote ( ' ) I get this mysql error:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/blah/public_html/blah.php on line 16
But then when I try this...
lol' and union all select 1,2,3-- or lol' and 1=1-- then lol' an d 8=9--
The page displays no error.
So I can't seem to get it to union select onto the page like normally would. On the same domain there was a sql injection vulnerability in a get method and whenever I'd use an incorrect statement I remember that it would pop this same error.
Any suggestions?
Thanks in advance |
|
|
|
|
Posted: Sat Oct 04, 2008 6:05 am |
|
|
-AO- |
Advanced user |
|
|
Joined: Jul 15, 2008 |
Posts: 205 |
Location: United States |
|
|
|
|
|
|
Waraxe?
someone.... |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|