Thursday, April 24, 2014
SQL Injection


Guest
Posted on 13-06-05 17:20
Is any SQL injection possible if magic_quotes_gpc is set to on?
RE: SQL Injection


Guest
Posted on 13-06-05 18:28
Try %2527.
Just off the top of my head, though.


RE: SQL Injection


Guest
Posted on 17-06-05 20:29
Anarcho, %2527 is ' in URL decode, so it could be used to bypass the filters (but only if magic quotes is set to off - and the programmer made bad filters).

After some exploring I discovered that with magic quotes set to on (which btw sucks), we can't perform SQL injection (correct me if it is wrong); the same goes for proper character escaping.
On most servers magic quotes is set to ON (also by default), so I am wondering how all these forums and portals are so vulnerable to SQL injection. (Do they manually disable magic quotes or what?)

I am not really sure if this theory is right, but I am really interested in it.
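
Added example, not part of the thread: a Python simulation of the order of operations behind the %2527 question, showing what the application receives when magic_quotes_gpc-style escaping runs after the first URL decode, and what a bound parameter does with the same value. The `addslashes` reimplementation, the function names, the `users` table, the sample inputs and the assumption that the application calls a second URL decode on the value are all constructed for illustration.

```python
import sqlite3
from urllib.parse import unquote

def addslashes(s):
    """Escape \\, ', " and NUL with a backslash, as PHP's addslashes() does."""
    out = []
    for ch in s:
        out.append("\\0" if ch == "\0" else "\\" + ch if ch in "\\'\"" else ch)
    return "".join(out)

def has_unescaped_quote(s):
    """True if a ' appears that is not preceded by an escaping backslash."""
    i = 0
    while i < len(s):
        if s[i] == "\\":
            i += 2                      # skip the escaped character
            continue
        if s[i] == "'":
            return True
        i += 1
    return False

def received_value(raw, extra_decode):
    """Value the application ends up with for a raw query-string value.
    Step 1: the runtime URL-decodes once. Step 2: magic quotes escapes.
    Step 3 (assumed application bug): the code URL-decodes a second time."""
    value = addslashes(unquote(raw))
    return unquote(value) if extra_decode else value

def make_db():
    """Constructed in-memory table used only for the bound-parameter lookup."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice')")
    return conn

def lookup(conn, name):
    """Parameterized query: the value is bound, never spliced into the SQL."""
    return conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

def demo():
    conn, results = make_db(), {}
    for raw in ("alice%27", "alice%2527"):          # constructed sample inputs
        for extra in (False, True):
            v = received_value(raw, extra)
            results[(raw, extra)] = (v, has_unescaped_quote(v), lookup(conn, v))
    return results

if __name__ == "__main__":
    for key, (value, unescaped, rows) in demo().items():
        print(key, repr(value), "unescaped quote:", unescaped, "rows:", rows)
```

The escaping only holds while nothing decodes the value again after it has run; the bound parameter treats the value as data in every case.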