Follow us on Twitter!
Become the change you seek in the world. - Gandhi
Sunday, April 20, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 25
Guests Online: 25
Members Online: 0

Registered Members: 82850
Newest Member: hardstylurr
Latest Articles
View Thread

HellBound Hackers | Computer General | Web hacking

Author

RE: Need your HELP !! SQL INJECTION problem

GTADarkDude
Member



Posts: 142
Location: The Netherlands
Joined: 23.02.08
Rank:
Newbie
Posted on 30-01-10 14:08
I think we're missing something. $data never gets set, nor are any SQL-queries executed, which makes it quite hard to exploit. Pfft Oh and another thing: use the [ code ] tag.

(Oh and even if the code would be correct, I still doubt that anyone will just give you the answer. Looks like a challenge from some other site you just can't solve.)


...

Edited by GTADarkDude on 30-01-10 14:10
- - -
Author

RE: Need your HELP !! SQL INJECTION problem

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 30-01-10 14:35
well the code is incomplete, but the issue here is the filter used below...
Code

if(eregi("from",$ck)) exit();
if(eregi("union",$_GET[id])) exit();





fairly easy to bypass, using comment tags (something like uni/**/on) should do, other then that you just do your regular injection routine :)


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl



Edited by clone4 on 30-01-10 14:37
clone_4@hotmail.com