Message-ID: <0a0a01c576b1$c5ae2360$6e64a8c0@intranet.local>
Date: Tue, 21 Jun 2005 17:37:14 -0500
From: David Eduardo Acosta Rodríguez <david.acosta@...ernet-solutions.com.co>
To: "Pablo Escobar" <slackware77@...il.com>,
<pen-test@...urityfocus.com>, <nessus@...t.nessus.org>,
<bugtraq@...urityfocus.com>
Subject: Re: how to exploit SQL INJECTION?
Hi:
Please read:
http://www.ngssoftware.com/papers.htm <- very interesting papers about SQL Injection
http://security-papers.globint.com.ar/oracle_security/sql_injection_in_oracle.php <- from Esteban Martínez Fayó
http://www.imperva.com/application_defense_center/papers/ <- Good papers
Kind regards,
Ing. David E. Acosta R.
Security Consultant - CISSP
Internet Solutions Colombia
"The Information Security Experts"
http://www.internet-solutions.com.co
david.acosta@...ernet-solutions.com.co
Phone (mobile):(300)2089961
Phone (office):(091)3120910 ext 17
----- Original Message -----
From: "Pablo Escobar" <slackware77@...il.com>
To: <pen-test@...urityfocus.com>; <nessus@...t.nessus.org>;
<bugtraq@...urityfocus.com>
Sent: Tuesday, June 21, 2005 4:06 PM
Subject: how to exploit SQL INJECTION?
Hello people, I made, in my network, a website server with SQL with
vulnerabilities to learn how to exploit it. I searched on Google and I
tried, but it doesn't work. The Nessus report is:
The following URLs seem to be vulnerable to various SQL injection
techniques :
/resources/expand_subject.asp?id='UNION'
/resources/expand_subject.asp?id='UNION'
/resources/expand_subject.asp?id='UNION'
/resources/expand_subject.asp?id='
/resources/expand_subject.asp?id='
/resources/expand_subject.asp?id='
/resources/expand_subject.asp?id='%22
/resources/expand_subject.asp?id='%22
/resources/expand_subject.asp?id='%22
/resources/expand_subject.asp?id=9%2c+9%2c+9
/resources/expand_subject.asp?id=9%2c+9%2c+9
/resources/expand_subject.asp?id=9%2c+9%2c+9
/resources/expand_subject.asp?id='bad_bad_value
/resources/expand_subject.asp?id='bad_bad_value
/resources/expand_subject.asp?id='bad_bad_value
/resources/expand_subject.asp?id=bad_bad_value'
/resources/expand_subject.asp?id=bad_bad_value'
/resources/expand_subject.asp?id=bad_bad_value'
/resources/expand_subject.asp?id='+OR+'
/resources/expand_subject.asp?id='+OR+'
/resources/expand_subject.asp?id='+OR+'
/resources/expand_subject.asp?id='WHERE
/resources/expand_subject.asp?id='WHERE
/resources/expand_subject.asp?id='WHERE
/resources/expand_subject.asp?id=%3B
/resources/expand_subject.asp?id=%3B
/resources/expand_subject.asp?id=%3B
/resources/expand_subject.asp?id='OR
/resources/expand_subject.asp?id='OR
/resources/expand_subject.asp?id='OR
/resources/expand_subject.asp?id=' or 1=1--
/resources/expand_subject.asp?id=' or 1=1--
/resources/expand_subject.asp?id=' or 1=1--
/resources/expand_subject.asp?id= or 1=1--
/resources/expand_subject.asp?id= or 1=1--
/resources/expand_subject.asp?id= or 1=1--
/resources/expand_subject.asp?id=' or 'a'='a
/resources/expand_subject.asp?id=' or 'a'='a
/resources/expand_subject.asp?id=' or 'a'='a
/resources/expand_subject.asp?id=') or ('a'='a
/resources/expand_subject.asp?id=') or ('a'='a
/resources/expand_subject.asp?id=') or ('a'='a
Now, how can I exploit it? Can somebody guide me, please? Thank you very
much, good luck.