confused -.-


Posted on 06-11-06 12:27
So I tried the SQL injection in basic 8 with -' or 'a'='a but when I submit it I get something like SQL Query Error: SELECT * FROM family_db WHERE password='-\' or \'a\'=\'a' What's with all those "\"?
The same thing happens in real 15 - when I add the ' mark in user notes and press save it would come out like \'. If I keep pressing it just multiplies them.
RE: confused -.-


Posted on 06-11-06 12:40
The backslashes are a result of the PHP function addslashes() being used. It is generally used to prevent cross-site scripting and/or SQL injection vulnerabilities, though it doesn't always work.

For example, input such as
Code
"><script>alert('xss')</script>


would change to
Code
\"><script>alert(\'xss\')</script>


and would not alert xss, but input such as
Code
"><script>alert(1)</script>


would change to
Code
\"><script>alert(1)</script>


and would alert 1.
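
The behaviour discussed in this thread, as an added example that is not part of the original posts or the site's code: it runs the two quoted inputs through addslashes() and through HTML output encoding, shows the backslashes multiplying on repeated saves, and binds the quoted string as a query parameter instead of escaping it. The table contents, the `name` column and the use of an in-memory SQLite database through the pdo_sqlite extension are assumptions made for the example.

```php
<?php
// Constructed sample inputs: the two strings quoted in the reply above.
$inputs = [
    "\"><script>alert('xss')</script>",
    "\"><script>alert(1)</script>",
];

foreach ($inputs as $raw) {
    $slashed = addslashes($raw);                            // escapes ' " \ and NUL only
    $encoded = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'); // HTML-context output encoding

    // The markup characters < and > pass through addslashes() unchanged.
    printf("raw:     %s\n", $raw);
    printf("slashed: %s (contains '<': %s)\n", $slashed,
        strpos($slashed, '<') !== false ? 'yes' : 'no');
    printf("encoded: %s (contains '<': %s)\n\n", $encoded,
        strpos($encoded, '<') !== false ? 'yes' : 'no');
}

// Re-saving an already-escaped value escapes its backslashes again,
// so a stored quote grows on every save: \'  then \\\'  then \\\\\\\'
$note = "'";
for ($i = 1; $i <= 3; $i++) {
    $note = addslashes($note);
    printf("save %d: %s\n", $i, $note);
}

// SQL side: bind the value as a parameter instead of escaping it.
// Assumption: pdo_sqlite is available; the row below is constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE family_db (name TEXT, password TEXT)");
$db->exec("INSERT INTO family_db VALUES ('alice', 'correct-horse')");

$stmt = $db->prepare('SELECT COUNT(*) FROM family_db WHERE password = ?');
foreach (["-' or 'a'='a", 'correct-horse'] as $candidate) {
    $stmt->execute([$candidate]);
    // The bound string is compared as data, so only the real password matches.
    printf("\n%-16s -> %d row(s)", $candidate, $stmt->fetchColumn());
    $stmt->closeCursor();
}
echo "\n";
```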