| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Jun 2005 00:35:39 -0200
From: "Leandro Reox" <lmet5on@...ertel.com.ar>
To: "'Pablo Escobar'" <slackware77@...il.com>,
<pen-test@...urityfocus.com>, <nessus@...t.nessus.org>,
<bugtraq@...urityfocus.com>
Subject: RE: how to exploit SQL INJECTION?
Pablo theres a ton of info in Google about SqlInject, but to be more
specific
www.sqlsecurity.com
Theres a nice paper about SQL inyects from M. Racciatti at
http://www.hernanracciatti.com.ar/document/Tecnicas%20de%20SQL%20Injection%2
0-%20Un%20Repaso.pdf
In that paper you have a lot of links with a TON of info about sql and more.
Hope it helps.
My $.02
\\-----Original Message-----
From: Pablo Escobar [mailto:slackware77@...il.com]
Sent: Tuesday, June 21, 2005 7:06 PM
To: pen-test@...urityfocus.com; nessus@...t.nessus.org;
bugtraq@...urityfocus.com
Subject: how to exploit SQL INJECTION?
Hello people, I made in my network website server with SQL with
vulnerabilities to learn how to exploit it, I searched in google and i
tried but dont work, the report of the nessus is:
The following URLs seem to be vulnerable to various SQL injection
techniques :
/resources/expand_subject.asp?id='UNION'
/resources/expand_subject.asp?id='UNION'
/resources/expand_subject.asp?id='UNION'
/resources/expand_subject.asp?id='
/resources/expand_subject.asp?id='
/resources/expand_subject.asp?id='
/resources/expand_subject.asp?id='%22
/resources/expand_subject.asp?id='%22
/resources/expand_subject.asp?id='%22
/resources/expand_subject.asp?id=9%2c+9%2c+9
/resources/expand_subject.asp?id=9%2c+9%2c+9
/resources/expand_subject.asp?id=9%2c+9%2c+9
/resources/expand_subject.asp?id='bad_bad_value
/resources/expand_subject.asp?id='bad_bad_value
/resources/expand_subject.asp?id='bad_bad_value
/resources/expand_subject.asp?id=bad_bad_value'
/resources/expand_subject.asp?id=bad_bad_value'
/resources/expand_subject.asp?id=bad_bad_value'
/resources/expand_subject.asp?id='+OR+'
/resources/expand_subject.asp?id='+OR+'
/resources/expand_subject.asp?id='+OR+'
/resources/expand_subject.asp?id='WHERE
/resources/expand_subject.asp?id='WHERE
/resources/expand_subject.asp?id='WHERE
/resources/expand_subject.asp?id=%3B
/resources/expand_subject.asp?id=%3B
/resources/expand_subject.asp?id=%3B
/resources/expand_subject.asp?id='OR
/resources/expand_subject.asp?id='OR
/resources/expand_subject.asp?id='OR
/resources/expand_subject.asp?id=' or 1=1--
/resources/expand_subject.asp?id=' or 1=1--
/resources/expand_subject.asp?id=' or 1=1--
/resources/expand_subject.asp?id= or 1=1--
/resources/expand_subject.asp?id= or 1=1--
/resources/expand_subject.asp?id= or 1=1--
/resources/expand_subject.asp?id=' or 'a'='a
/resources/expand_subject.asp?id=' or 'a'='a
/resources/expand_subject.asp?id=' or 'a'='a
/resources/expand_subject.asp?id=') or ('a'='a
/resources/expand_subject.asp?id=') or ('a'='a
/resources/expand_subject.asp?id=') or ('a'='a
now,how can I exploit it?,somebody can guide me plz?,thank u very
much,good luck.
Powered by blists - more mailing lists