ok so I found a site and in the url i type in images example
a blank pages loads
then i type in 1=1 in url and get this
www.site.com/images1=1 with no space and the page is still blank and loads the 1=1
Does this mean its vulnerable ? What steps should i take next now ? I am not looking to destroy this site, nor gain anything from it its more of a learning experience that I really need. Thanks for the help HBH community =D>
ok... there are like 50 things wrong with what you're trying...
a) for that to work it'd need to be a GET query, ie page.php?variable=value
b) a variable couldn't ebegin with a number
c) you can't redefince an integer
d) the sql test i believe you're getting at is ' and 1=1 which is a test of the fillters
that's four, i'll give you the other 996 when i get a chance :P
firstly, yeah richo's right ur no where close to a vulnerability. Its gotta use the GET query as he mentioned above. It has to be excepting and running something through the server since what your tryin is an injections specifically an sql injection which is usually like ' 1=1 or ' 1=1--.And your trying to inject that query into it to make it accept a "true" value usually to test or bypass a login or area. Google SQL injections if you really wanna learn more, i know theres great articles on www.securifocus.com/ and www.securiteam.com . And the fact it just has a blank page, means they probably don't have a page settup as a redirect if you try goin to a page of the site that does not exist.idk if ya get wat i mean, but ahh well. peace.