Follow us on Twitter!
Society leans ever heavily on computers, if you have the power to take out computers you can take out society. - cubeman372
Thursday, April 17, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 33
Guests Online: 32
Members Online: 1

Registered Members: 82822
Newest Member: TheBunter
Latest Articles
View Thread

HellBound Hackers | HellBound Hackers | Questions

Author

1=1 question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-06-07 05:42
ok so I found a site and in the url i type in images example

www.site.com/images

a blank pages loads

then i type in 1=1 in url and get this

www.site.com/images20%1=1 and
www.site.com/images1=1 with no space and the page is still blank and loads the 1=1

Does this mean its vulnerable ? What steps should i take next now ? I am not looking to destroy this site, nor gain anything from it its more of a learning experience that I really need. Thanks for the help HBH community =D>


Author

RE: 1=1 question

richohealey
Member



Posts: 1022
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank:
Monster
Posted on 20-06-07 05:49
ok... there are like 50 things wrong with what you're trying...

a) for that to work it'd need to be a GET query, ie page.php?variable=value
b) a variable couldn't ebegin with a number
c) you can't redefince an integer
d) the sql test i believe you're getting at is ' and 1=1 which is a test of the fillters

that's four, i'll give you the other 996 when i get a chance :P

hope this helps

[[Edit: removed smilies]]




Edited by richohealey on 20-06-07 05:55
bitchohealey at hotmail dot com skype:richohealey www.psych0tik.net
Author

RE: 1=1 question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-06-07 06:04
firstly, yeah richo's right ur no where close to a vulnerability. Its gotta use the GET query as he mentioned above. It has to be excepting and running something through the server since what your tryin is an injections specifically an sql injection which is usually like ' 1=1 or ' 1=1--.And your trying to inject that query into it to make it accept a "true" value usually to test or bypass a login or area. Google SQL injections if you really wanna learn more, i know theres great articles on www.securifocus.com/ and www.securiteam.com . And the fact it just has a blank page, means they probably don't have a page settup as a redirect if you try goin to a page of the site that does not exist.idk if ya get wat i mean, but ahh well. peace.


Author

RE: 1=1 question

richohealey
Member



Posts: 1022
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank:
Monster
Posted on 20-06-07 06:29
since he's looking at images, i'd say they put a empty document in there called index.html to keep people from snooping on their index.


but you can use ' and 1=1 to test parsing of sql injections without actually chagning anything.


bitchohealey at hotmail dot com skype:richohealey www.psych0tik.net