Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
SQL Injection in PM's...possibly
Date: January 10, 2007 01:53PM

I'm pretty sure this is likely to be a fake error that's getting spat out, but I'll post it anyway: http://sla.ckers.org/forum/pm.php?2,page=send,message_id='OR'1'='1

Not sure if this has been posted before...

~system

Re: SQL Injection in PM's...possibly
Posted by: WhiteAcid
Date: January 10, 2007 02:56PM

It is not a fake error, I installed phorum locally and it does the same thing. It is not exploitable though, not as far as I can see anyway.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Re: SQL Injection in PM's...possibly
Posted by: rsnake
Date: January 10, 2007 03:23PM

Try executing it again. ;) But anyway, it's not exploitable from what I can see. If you hear differently, please PM me.

- RSnake
Gotta love it. http://ha.ckers.org

Re: SQL Injection in PM's...possibly
Posted by: digi7al64
Date: January 10, 2007 06:18PM

lol@rsnake - finally an error message that makes sense.

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Re: SQL Injection in PM's...possibly
Posted by: FlashO.-
Date: January 10, 2007 06:21PM

Judging by

Quote:
select * from i_dont_think_so where nice_try in (fuck_face)

it was put there on purpose xD

Thanks::
Flash O.-
