From: Jeff Bryner (jbryner1@yahoo.com)
Date: Thu Mar 25 2004 - 12:13:14 EST
--- Falcifer <falcifer2001@yahoo.es> wrote:
> Hi,
>
> I've one application coded in ASP with a login form, and the only
> character that it validates is the white space.
>
> Can I perform a SQL injection on it? How?
SQL is nice enough to do some automatic parsing for you... so
select''+@@version
will work. Of course if the validation is client side, just bypass it.
=====
Jeff
-----------------------
You... you can't dump me! I'm using your name for all my passwords! What exactly am I supposed to do about that!?
- Justin Simoni
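
Added example, not part of the original post: the reply's point that the SQL parser needs no whitespace between tokens, and that a whitespace-only check therefore leaves a concatenated login query exposed, shown next to the parameterized form. It assumes SQLite (via Python's sqlite3) as a stand-in for the database in the thread, so `||` and `sqlite_version()` replace `+` and `@@version`; the table, function names and sample data are hypothetical.

```python
import sqlite3

def passes_filter(value):
    # The validation described in the question: reject only whitespace.
    return not any(ch.isspace() for ch in value)

def make_db():
    # Constructed sample data (hypothetical users table).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    db.execute("INSERT INTO users VALUES ('O''Brien', 'pw1')")
    return db

def parses_without_spaces(db):
    # SQLite analogue of the statement in the reply: no whitespace between tokens.
    row = db.execute("select''||sqlite_version()").fetchone()
    return row[0] == sqlite3.sqlite_version

def login_concat(db, name, pw):
    # Weak form: input is spliced into the SQL text after the whitespace check.
    if not (passes_filter(name) and passes_filter(pw)):
        return "rejected"
    sql = ("SELECT count(*) FROM users WHERE name='" + name +
           "' AND pw='" + pw + "'")
    try:
        return "ok" if db.execute(sql).fetchone()[0] else "denied"
    except sqlite3.OperationalError:
        # The quote in the input changed the structure of the statement.
        return "sql-error"

def login_param(db, name, pw):
    # Corrected form: placeholders keep the input as data, whatever it contains.
    row = db.execute("SELECT count(*) FROM users WHERE name=? AND pw=?",
                     (name, pw)).fetchone()
    return "ok" if row[0] else "denied"

if __name__ == "__main__":
    db = make_db()
    print(parses_without_spaces(db))
    print(login_concat(db, "O'Brien", "pw1"))
    print(login_param(db, "O'Brien", "pw1"))
```

A legitimate name containing a quote passes the whitespace check and still breaks the concatenated statement, which is the sign that input is being parsed as SQL; the parameterized query accepts the same value unchanged.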
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:51 EDT