
SLA.CKERS.ORG
HA.CKERS SLACKING
sla.ckers.org web application security lab forums
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Trying to inject/brute force
Posted by: Jorginhu (IP Logged)
Date: February 10, 2008 02:51PM

Does anyone know if it's possible to inject SQL on this login form?

[75.126.234.48]

I've tried a lot of injections, including %2527 to avoid magic quotes.. and nothing...

If anyone knows any way to inject or brute force it.. I'd appreciate it..

Thanks in advance..

Re: Trying to inject/brute force
Posted by: Mordred (IP Logged)
Date: February 11, 2008 12:41AM

I know a way to bruteforce it - try every possible combination of usernames and passwords...

Re: Trying to inject/brute force
Posted by: birdie (IP Logged)
Date: April 03, 2008 07:22AM

I have seen talk of the %2527 trick. The server is supposed to de-urlencode it, so it turns into %27, which is ', am I right?

I know servers url-decode it once upon arrival, but why would they do it one more additional time? Someone please explain!

I have never exploited anything using the %2527 trick.
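
An added illustration of the double-decoding question above (not part of any post in this thread, and not code from the site being discussed): the second decode happens when application code URL-decodes a value the server already decoded, after quote escaping has run, so the fix is to decode once and bind values as parameters. The function names, the SQLite table and the sample inputs are assumptions constructed for the example, and `escape_quotes` is a stand-in for magic-quotes style escaping.

```python
import sqlite3
from urllib.parse import unquote

def server_decode(raw):
    """The one URL-decode the web server applies when the request arrives."""
    return unquote(raw)

def escape_quotes(value):
    """Stand-in for magic-quotes style escaping (SQLite escapes ' by doubling it)."""
    return value.replace("'", "''")

def build_query_flawed(value):
    """Flawed order: escape first, then decode a second time in application code."""
    value = unquote(escape_quotes(value))  # a leftover %27 turns into ' after escaping ran
    return f"SELECT name FROM users WHERE name = '{value}'"

def lookup_flawed(db, value):
    return db.execute(build_query_flawed(value)).fetchall()

def lookup_safe(db, value):
    """Hardened: no second decode, and the value is bound as a parameter."""
    return db.execute("SELECT name FROM users WHERE name = ?", (value,)).fetchall()

def make_db():
    """Constructed in-memory table with one user whose name contains a quote."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.execute("INSERT INTO users VALUES (?)", ("o'brien",))
    return db

def quote_breaks_query(db, value):
    """True when a raw quote reaches the SQL text and the statement no longer parses."""
    try:
        lookup_flawed(db, value)
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    for wire in ("o%27brien", "o%2527brien"):  # constructed sample inputs
        arrived = server_decode(wire)
        print(wire, "->", arrived,
              "| breaks flawed query:", quote_breaks_query(db, arrived),
              "| safe lookup:", lookup_safe(db, arrived))
```

With the single-encoded value the escaping holds; with the double-encoded value the quote only appears after escaping has finished, while the parameterized lookup treats `o%27brien` as plain data in both cases.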


