SQL Injection


Guest
Posted on 13-06-05 17:20
Is any SQL injection possible if magic_quotes_gpc is set to on?

RE: SQL Injection


Guest
Posted on 13-06-05 18:28
Try %2527.
Just off the top of my head, though.



RE: SQL Injection


Guest
Posted on 17-06-05 20:29
Anarcho, %2527 is ' in URL decode, so it could be used to bypass the filters (but only if magic quotes is set to off, and the programmer made bad filters).

After some exploring I discovered that with magic quotes set to on (which btw sux), we can't perform SQL injection (correct me if this is wrong); the same goes for proper character escaping.
On most servers magic quotes is set to ON (also by default), so I am wondering how all these forums and portals are so vulnerable to SQL injection. (Do they manually disable magic quotes or what?)

I am not really sure if this theory is right, but I am really interested in it.
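
Added example, not part of the thread: a Python model of the decode order behind the `%2527` suggestion, with a check for double-encoded input and a bound-parameter lookup as the mitigation. `magic_quotes` models PHP's `addslashes()`; the `app_decodes_again` flag, the `users` table and its row are assumptions constructed for this illustration.

```python
import sqlite3
from urllib.parse import unquote

def magic_quotes(value):
    """Model of PHP addslashes(), the escaping magic_quotes_gpc applied to request data."""
    escaped = {"'": "\\'", '"': '\\"', "\\": "\\\\", "\0": "\\0"}
    return "".join(escaped.get(ch, ch) for ch in value)

def request_value(raw, app_decodes_again):
    """Value the application ends up with for one raw query-string value."""
    value = magic_quotes(unquote(raw))  # server decodes once, then escapes
    if app_decodes_again:               # assumed bug: app code runs its own URL decode afterwards
        value = unquote(value)
    return value

def is_double_encoded(raw):
    """Detection check: the value still changes when decoded a second time."""
    once = unquote(raw)
    return unquote(once) != once

def make_db():
    """Constructed sample data: one user whose name contains a quote."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO users (name) VALUES (?)", ("o'brien",))
    return conn

def lookup(conn, name):
    """Mitigation: a bound parameter is never parsed as SQL, whatever it contains."""
    return conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

if __name__ == "__main__":
    for raw in ("%27", "%2527"):
        print(raw, repr(request_value(raw, False)), repr(request_value(raw, True)),
              is_double_encoded(raw))
    print(lookup(make_db(), "o'brien"))
```

The escaping step only sees `%27` as three harmless characters, so a quote appears unescaped only when application code decodes the value again; the bound parameter makes the quoting question irrelevant either way.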