Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
SQL Injection Attack in search form
Posted by: huz
Date: March 18, 2012 10:15PM

Hello guys, I have one question here.

I have a website using PHP. I tried to launch the attack through the search form but I failed. When I put some statements in the field, the result showed back the statement I had given earlier.

For example, I put " ' or 1=1-- ", and the result is:

Sorry, your search: "\' or 1=1--" returned zero results

It keeps repeating what I put in the form. Can anyone help me?
Thank you in advance! :)

Re: SQL Injection Attack in search form
Posted by: Reiners
Date: March 19, 2012 08:11AM

It is probably not vulnerable to SQL injection. Note the escaped single quote. Is the backslash \ escaped too?

PS: Although your description is not that detailed, it is nice to see a thread again without "please hack http://url/".

Re: SQL Injection Attack in search form
Posted by: the_storm
Date: March 19, 2012 05:42PM

I don't think it is vulnerable to SQLi, but you should try XSS! I think it is vulnerable!

Re: SQL Injection Attack in search form
Posted by: huz
Date: March 19, 2012 07:26PM

@Reiners
Thank you for your reply!
I don't know, I just try to attack the web.
But I have put a backslash just like you said. I put "some\" and the result is:
Sorry, your search: "some\\" returned zero results
I think it uses magic_quotes. How do I bypass that?
I tried to encode, but the result is the one that I encoded.

@the_storm
Thanks!
I tried putting this one:
"<script>alert("XSS")</script>"
but the result is:
Sorry, your search: "" returned zero results
I think this is because of my browser. Current versions of web browsers are already secured from XSS, aren't they?

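For whoever maintains a search form like the one discussed here, an added example that is not part of any post and is not the site's own code: a PHP search handler that binds the term as a query parameter rather than relying on magic_quotes (removed in PHP 5.4) and HTML-encodes the term when echoing it back, run over the inputs quoted in the thread. The `articles` table, its rows and the function names are assumptions made for the illustration, and the pdo_sqlite extension is assumed to be available.

```php
<?php
// Added example, not from the thread. Table, rows and function names are
// hypothetical; requires the pdo_sqlite extension and PHP 7.4 or later.

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
    // Constructed sample rows.
    $db->exec("INSERT INTO articles (title) VALUES ('Intro to PHP'), ('Some notes')");
    return $db;
}

function search(PDO $db, string $term): array {
    // Escape LIKE wildcards so % and _ typed by the user match literally.
    $like = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term) . '%';
    // The term is bound as a parameter, so it never becomes part of the SQL
    // text, whatever quotes or backslashes it contains.
    $stmt = $db->prepare("SELECT title FROM articles WHERE title LIKE :q ESCAPE '!'");
    $stmt->execute([':q' => $like]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

function render(string $term, array $rows): string {
    // Encode at output time for the HTML context the value lands in,
    // instead of stripping or escaping it on the way in.
    $safe = htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    if ($rows === []) {
        return "Sorry, your search: \"$safe\" returned zero results";
    }
    $items = array_map(
        fn($t) => '<li>' . htmlspecialchars($t, ENT_QUOTES, 'UTF-8') . '</li>',
        $rows
    );
    return '<ul>' . implode('', $items) . '</ul>';
}

$db = make_db();
// The three inputs quoted in the thread, plus one ordinary term.
$inputs = ["' or 1=1--", 'some\\', '<script>alert("XSS")</script>', 'notes'];
foreach ($inputs as $term) {
    echo render($term, search($db, $term)), PHP_EOL;
}
```

With this handling the echoed term is shown exactly as typed, without added backslashes and without silently dropped tags, because the query layer and the HTML layer each apply their own encoding.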
Re: SQL Injection Attack in search form
Posted by: the_storm
Date: March 25, 2012 03:52PM

This may be one reason; you might try another web browser, or maybe there is some filtering in the website against XSS attacks :)

Re: SQL Injection Attack in search form
Posted by: huz
Date: March 26, 2012 01:45AM

the_storm Wrote:
-------------------------------------------------------
> This may be one reason; you might try another web
> browser, or maybe there is some filtering in the
> website against XSS attacks :)


Thanks! I'll try that later... but has XSS been secured?

Re: SQL Injection Attack in search form
Posted by: dangerbear
Date: March 27, 2012 09:48AM

You can try different encodings for the characters you're trying to inject. Look online and find some cheat sheets with alternate encodings. Also, some SQL injections do not require any quotes/slashes, so keep that in mind.
For the XSS, you can try using a null byte ( %00 ) and see if that changes its behaviour. Or, again, look for a cheat sheet with some filter evasion techniques.

Re: SQL Injection Attack in search form
Posted by: huz
Date: March 28, 2012 10:15AM

I don't understand much of the detail about the alternate encoding. What I know is to put the statement in a different form but with the same meaning.

Anything else? For example, how it can be done, or something else.

Any help would be appreciated. :) Thanks!
