IT Security and Insecurity Portal

Bypass filters

Posted: Fri Jul 03, 2009 2:57 pm
Panic_Mode
Active user
Joined: Feb 09, 2008
Posts: 39

Hi guys.
Is there any effective way of bypassing character filters? Hex encoding and such don't work.
There is a site previously keen on MySQL injection, now it is patched with character detection. Whenever I try some characters like +, ' etc. (even if they are encoded in hex) a message is displayed "no sql injection please".
Any hints?
Thanks

Posted: Fri Jul 03, 2009 3:15 pm
BoboTiG
Advanced user
Joined: Jun 22, 2009
Posts: 66

If there is a character filter, it seems compromised...

Posted: Sun Jul 05, 2009 6:49 am
-AO-
Advanced user
Joined: Jul 15, 2008
Posts: 205
Location: United States

Try using upper case letters.
Code:
UNION SELECT 1,2,3 FROM

or replacing spaces with /**/
Code:
UNION/**/SELECT/**/1,2,3/**/FROM

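Added example, not part of the thread and not the site's code: it shows why a substring blocklist like the one described here is brittle against the two forms quoted above, and that a bound parameter treats the same input as plain data. The blocklist, table, function names and sample inputs are constructed assumptions, and SQLite stands in for MySQL.

```python
import sqlite3

# Constructed blocklist standing in for the "character detection" in the thread
# (an assumption; the real site's filter is not shown on the page).
BLOCKED = ("union select", "'", "+")

def blocklist_allows(value, ignore_case=False):
    """Return True when the substring blocklist lets the input through."""
    probe = value.lower() if ignore_case else value
    return not any(token in probe for token in BLOCKED)

def make_db():
    """In-memory table with three columns, matching the 1,2,3 in the thread."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER, title TEXT, body TEXT)")
    db.execute("INSERT INTO news VALUES (7, 'hello', 'first post')")
    return db

def lookup_concatenated(db, raw_id):
    """Weak pattern: input is pasted into the SQL text, so it is parsed as SQL."""
    sql = "SELECT id, title, body FROM news WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def lookup_bound(db, raw_id):
    """Fix: the value travels as a bound parameter and is only ever data."""
    sql = "SELECT id, title, body FROM news WHERE id = ?"
    return db.execute(sql, (raw_id,)).fetchall()

def lookup_validated(db, raw_id):
    """Defence in depth: allowlist the expected type before binding."""
    if not raw_id.isdigit():  # str.isdigit also rejects the empty string
        raise ValueError("id must be a positive integer")
    return lookup_bound(db, int(raw_id))

# Constructed inputs built only from the two forms quoted in the thread.
UPPER = "0 UNION SELECT 1,2,3"
COMMENTED = "0 UNION/**/SELECT/**/1,2,3"

if __name__ == "__main__":
    db = make_db()
    for raw in (UPPER, COMMENTED):
        print(raw, blocklist_allows(raw), blocklist_allows(raw, True),
              lookup_concatenated(db, raw), lookup_bound(db, raw))
```

Making the blocklist case-insensitive stops the upper-case form but not the comment form, which is why the durable fix is on the query side rather than in the filter.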
All times are GMT