Follow us on Twitter!
It is never to LATE to become what you never WERE.
Saturday, December 03, 2016
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 39
Guests Online: 38
Members Online: 1

Registered Members: 96758
Newest Member: monez2020
Latest Articles
View Thread

HellBound Hackers | Computer General | Web hacking

Author

SQL Injection


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-06-05 17:20
Is any sql injection possible if magic_quotes_gpc is set to on?
Author

RE: SQL Injection


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-06-05 18:28
try %2527
just out the top of my head though


Author

RE: SQL Injection


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-06-05 20:29
Anarcho %2527 is ' in url decode, so it could be use to bypass the filters (but only if magic quotes is set to off - and programmer made bad filters).

After some exploring I discovered that with magic quotes set to on (which btw sux), we can't preform sql inject (correct me if it is wrong), same is with right caracters escaping.
In most of servers magic quotes is set to ON (also by default), so I wondering how are all this forums and portals so vulnerable to sql inject. (Do they manual disable magic quotes or what)??

I am not realy sure if this theory is right but I am realy interesting about it.