How to evade white spaces in a SQL injection

From: Falcifer (falcifer2001@yahoo.es)
Date: Thu Mar 25 2004 - 08:00:08 EST

• Next message: muts@zahav.net.il: "RainbowCrack Web Application"
• Previous message: Lachniet, Mark: "RE: Pen-tester's analysis of .NET security?"
• Next in thread: Jeff Bryner: "Re: How to evade white spaces in a SQL injection"
• Reply: Jeff Bryner: "Re: How to evade white spaces in a SQL injection"
• Reply: Javier Fernandez-Sanguino: "Re: How to evade white spaces in a SQL injection"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

I've one aplication coded on asp with a login form and the only
character that it validates its the withe space.

Can i perform a sql injection on it? how?

Thanks

PD: the DBMS its SQL server

---------------------------------------------------------------------------
You're a pen tester, but is google.com still your R&D team?
Now you can get trustworthy commercial-grade exploits and the latest
techniques from a world-class research group.
www.coresecurity.com/promos/sf_ept1
----------------------------------------------------------------------------

• Next message: muts@zahav.net.il: "RainbowCrack Web Application"
• Previous message: Lachniet, Mark: "RE: Pen-tester's analysis of .NET security?"
• Next in thread: Jeff Bryner: "Re: How to evade white spaces in a SQL injection"
• Reply: Jeff Bryner: "Re: How to evade white spaces in a SQL injection"
• Reply: Javier Fernandez-Sanguino: "Re: How to evade white spaces in a SQL injection"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:51 EDT