Re: How to evade white spaces in a SQL injection

From: Javier Fernandez-Sanguino (jfernandez@germinus.com)
Date: Fri Mar 26 2004 - 17:00:35 EST

• Next message: Falcifer: "Re: How to evade white spaces in a SQL injection"
• Previous message: Dinis Cruz: "RE: Pen-tester's analysis of .NET security?"
• In reply to: Falcifer: "How to evade white spaces in a SQL injection"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Falcifer wrote:
> Hi,
>
> I've one aplication coded on asp with a login form and the only
> character that it validates its the withe space.
>

I guess that you mean that it is the only character it _removes_
In any case, did you test with tabs? (i.e. %09 instead of %20)
Also, you might be able to avoid the application if you use
alternative encodings (if it's an IIS server it will automagically
turn %u0020 to a space, which the application might not validate [1])

Regards

Javier

[1] Read the paper 'URL Encoded Attacks: Attacks using the common web
browser' by Gunter Ollmann

---------------------------------------------------------------------------
You're a pen tester, but is google.com still your R&D team?
Now you can get trustworthy commercial-grade exploits and the latest
techniques from a world-class research group.
www.coresecurity.com/promos/sf_ept1
----------------------------------------------------------------------------

• Next message: Falcifer: "Re: How to evade white spaces in a SQL injection"
• Previous message: Dinis Cruz: "RE: Pen-tester's analysis of .NET security?"
• In reply to: Falcifer: "How to evade white spaces in a SQL injection"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:51 EDT