Re: SQLi with backslash

[Robin Wood <robin () digininja org>]

On 24 June 2011 04:19, Henry Troup <htroup () acm org> wrote:
> You'd need to get an effective single quote in there. The MySql docs don't indicate any alternatives, but I might 
> play around with \ 0 \ - introducing a null. Or you can see if some other layer might be kind enough to interpret 
> some numeric representation like %27.
>
> You could also try some old school character spoofing with hex A7 - a slim chance in a modern system that a seven-bit 
> interpretation might take place.
>
> Another slim possibility is the reverse, that there might be a translation of the "curly quotes" somewhere in the 
> stack. That's U+2018 U+2019 and U+201B
>
> Good luck!

Given them a try and nothing but thanks for the ideas.

Robin

> Henry Troup
> Htroup () acm org
> It's very tricky to exploit SQL in the absence of that closing quote.  But I would be reluctant to conclude that this 
> is a safe injection to leave.
> Sent from my BlackBerry 613-851-5095



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------