Web Application Security
Re: SQLi with backslash Jun 24 2011 02:40PM
Robin Wood (robin digininja org)
On 24 June 2011 04:19, Henry Troup <htroup (at) acm (dot) org [email concealed]> wrote:
> You'd need to get an effective single quote in there. The MySQL docs don't indicate any alternatives, but I might play around with \ 0 \ - introducing a null. Or you can see if some other layer might be kind enough to interpret some numeric representation like %27.
>
> You could also try some old school character spoofing with hex A7 - a slim chance in a modern system that a seven-bit interpretation might take place.
>
> Another slim possibility is the reverse, that there might be a translation of the "curly quotes" somewhere in the stack. That's U+2018, U+2019 and U+201B.
>
> Good luck!

Gave them a try and nothing, but thanks for the ideas.

Robin

>
> Henry Troup
> Htroup (at) acm (dot) org [email concealed]
> It's very tricky to exploit SQL in the absence of that closing quote. But I would be reluctant to conclude that this is a safe injection to leave.
> Sent from my BlackBerry 613-851-5095
>

Copyright 2010, SecurityFocus