Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Circumventing dotDefender
Posted by: LowProfile
Date: February 20, 2012 02:25PM

I added this line of code,

/~$%20getent%20passwd%20root%20kkeller

to test its capabilities on a website that uses the "worldsingles.com" platform to see security vulnerabilities in the site, and I was returned the following.



dotDefender Blocked Your Request


dotDefender™ Web Application Firewall
dotDefender is a software-based web application firewall installed on Apache, IIS, or Microsoft ISA Server.

Any ideas? My goal is not to obtain login information, but in essence to see if there are any vulnerabilities. What is more interesting to me is if you can use an SQL attack to obtain personal information, without actually obtaining or logging into an account from the database.
