Date: Tue, 21 Jun 2005 17:37:14 -0500
From: David Eduardo Acosta Rodríguez <david.acosta@...ernet-solutions.com.co>
To: "Pablo Escobar" <slackware77@...il.com>, <pen-test@...urityfocus.com>, <nessus@...t.nessus.org>, <bugtraq@...urityfocus.com>
Subject: Re: how to exploit SQL INJECTION?

Hi:

Please read:

http://www.ngssoftware.com/papers.htm <- very interesting papers about SQL Injection
http://security-papers.globint.com.ar/oracle_security/sql_injection_in_oracle.php <- from Esteban Martínez Fayó
http://www.imperva.com/application_defense_center/papers/ <- Good papers

Kind regards,

Ing. David E. Acosta R.
Security Consultant - CISSP
Internet Solutions Colombia
"The Information Security Experts"
http://www.internet-solutions.com.co
david.acosta@...ernet-solutions.com.co
Phone (mobile):(300)2089961
Phone (office):(091)3120910 ext 17

----- Original Message -----
From: "Pablo Escobar" <slackware77@...il.com>
To: <pen-test@...urityfocus.com>; <nessus@...t.nessus.org>; <bugtraq@...urityfocus.com>
Sent: Tuesday, June 21, 2005 4:06 PM
Subject: how to exploit SQL INJECTION?

Hello people,

I made a website server with SQL on my network, with vulnerabilities, to learn how to exploit it. I searched in Google and I tried, but it doesn't work. The report from Nessus is:

The following URLs seem to be vulnerable to various SQL injection techniques :

/resources/expand_subject.asp?id='UNION'
/resources/expand_subject.asp?id='UNION'
/resources/expand_subject.asp?id='UNION'
/resources/expand_subject.asp?id='
/resources/expand_subject.asp?id='
/resources/expand_subject.asp?id='
/resources/expand_subject.asp?id='%22
/resources/expand_subject.asp?id='%22
/resources/expand_subject.asp?id='%22
/resources/expand_subject.asp?id=9%2c+9%2c+9
/resources/expand_subject.asp?id=9%2c+9%2c+9
/resources/expand_subject.asp?id=9%2c+9%2c+9
/resources/expand_subject.asp?id='bad_bad_value
/resources/expand_subject.asp?id='bad_bad_value
/resources/expand_subject.asp?id='bad_bad_value
/resources/expand_subject.asp?id=bad_bad_value'
/resources/expand_subject.asp?id=bad_bad_value'
/resources/expand_subject.asp?id=bad_bad_value'
/resources/expand_subject.asp?id='+OR+'
/resources/expand_subject.asp?id='+OR+'
/resources/expand_subject.asp?id='+OR+'
/resources/expand_subject.asp?id='WHERE
/resources/expand_subject.asp?id='WHERE
/resources/expand_subject.asp?id='WHERE
/resources/expand_subject.asp?id=%3B
/resources/expand_subject.asp?id=%3B
/resources/expand_subject.asp?id=%3B
/resources/expand_subject.asp?id='OR
/resources/expand_subject.asp?id='OR
/resources/expand_subject.asp?id='OR
/resources/expand_subject.asp?id=' or 1=1--
/resources/expand_subject.asp?id=' or 1=1--
/resources/expand_subject.asp?id=' or 1=1--
/resources/expand_subject.asp?id= or 1=1--
/resources/expand_subject.asp?id= or 1=1--
/resources/expand_subject.asp?id= or 1=1--
/resources/expand_subject.asp?id=' or 'a'='a
/resources/expand_subject.asp?id=' or 'a'='a
/resources/expand_subject.asp?id=' or 'a'='a
/resources/expand_subject.asp?id=') or ('a'='a
/resources/expand_subject.asp?id=') or ('a'='a
/resources/expand_subject.asp?id=') or ('a'='a

Now, how can I exploit it? Can somebody guide me, please? Thank you very much, good luck.
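
Why a parameter reacts to probe values like the ones in the Nessus report quoted above, and how binding the value removes that reaction, shown as an added example that is not part of either post: the same lookup is run with string concatenation and with a bound parameter, and a SQL error or an unexpected row count on the concatenated path is the response difference that marks the parameter as injectable. Assumptions: Python's `sqlite3` stands in for the unknown database behind `expand_subject.asp`, `id` is treated as a string column, and the `subjects` table and all function names are hypothetical.

```python
import sqlite3
from urllib.parse import unquote_plus

# Distinct id values from the quoted Nessus report, URL-encoded as listed there.
PROBES = ["'UNION'", "'", "'%22", "9%2c+9%2c+9", "'bad_bad_value",
          "bad_bad_value'", "'+OR+'", "'WHERE", "%3B", "'OR", "' or 1=1--",
          " or 1=1--", "' or 'a'='a", "') or ('a'='a"]

def make_db():
    # Constructed stand-in data; the real table behind expand_subject.asp is unknown.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE subjects (id TEXT PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO subjects VALUES (?, ?)",
                   [("1", "Networking"), ("2", "Databases"), ("3", "Forensics")])
    return db

def lookup_concat(db, raw_id):
    # Vulnerable pattern: the request value becomes part of the SQL text.
    sql = "SELECT title FROM subjects WHERE id = '" + raw_id + "'"
    return db.execute(sql).fetchall()

def lookup_param(db, raw_id):
    # Hardened pattern: the value is bound as data and never parsed as SQL.
    return db.execute("SELECT title FROM subjects WHERE id = ?", (raw_id,)).fetchall()

def outcome(db, lookup, encoded):
    """Return 'sql-error' or the number of rows returned for one probe value."""
    try:
        return len(lookup(db, unquote_plus(encoded)))
    except sqlite3.Error:
        return "sql-error"

def compare(db):
    # (probe, concatenated result, parameterized result) for every probe.
    return [(p, outcome(db, lookup_concat, p), outcome(db, lookup_param, p))
            for p in PROBES]

if __name__ == "__main__":
    for probe, concat, bound in compare(make_db()):
        print(f"{probe!r:20} concat={concat!s:10} bound={bound}")
```

With the bound parameter every probe is compared as an ordinary string and matches no row, so the error and row-count differences disappear.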