WebApp Sec mailing list archives
Re: SQLi with backslash
From: Robin Wood <robin () digininja org>
Date: Fri, 24 Jun 2011 15:40:30 +0100
On 24 June 2011 04:19, Henry Troup <htroup () acm org> wrote:
You'd need to get an effective single quote in there. The MySql docs don't indicate any alternatives, but I might play around with \ 0 \ - introducing a null. Or you can see if some other layer might be kind enough to interpret some numeric representation like %27. You could also try some old school character spoofing with hex A7 - a slim chance in a modern system that a seven-bit interpretation might take place. Another slim possibility is the reverse, that there might be a translation of the "curly quotes" somewhere in the stack. That's U+2018 U+2019 and U+201B Good luck!
Given them a try and nothing but thanks for the ideas. Robin
Henry Troup Htroup () acm org It's very tricky to exploit SQL in the absence of that closing quote. But I would be reluctant to conclude that this is a safe injection to leave. Sent from my BlackBerry 613-851-5095
This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- SQLi with backslash Robin Wood (Jun 23)
- Re: SQLi with backslash Voulnet (Jun 26)
- Re: SQLi with backslash Robin Wood (Jun 27)
- Message not available
- RE: SQLi with backslash Onken, Skyler (Jun 28)
- Re: SQLi with backslash Robin Wood (Jun 27)
- Re: SQLi with backslash Voulnet (Jun 26)
- Message not available
- Re: SQLi with backslash Robin Wood (Jun 26)
- <Possible follow-ups>
- Re: SQLi with backslash Robin Wood (Jun 26)