Home page logo

pen-test logo Penetration Testing mailing list archives

Sql injection in search filed
From: Juan B <juanbabi () yahoo com>
Date: Fri, 5 Dec 2008 07:49:48 -0800 (PST)

Hi Dear Friends,

I am doing a pen test of web apps for a client, I use A
Acunetix web apps scanner, now the scanner tells mi the
client has an SQL injection issue in a search field in his
site. im looking for ways to exploit this issue to reveal
all the data or to inject data or something similar, the
thing is that I cant see a way to doa that and Im not sure
Its worth the time cause,well what a search form can reveal?
just all the data that it was should reveal in the firest
place right? its not a usual sql injection since I dont have
any authentincation method that I should bypass. I did issue
a search for " ` " and it tells me that it didnt
find any words contaning this word, the same for `ADMIN'
or '1' = '1 any ideas how to continue?

thanks a lot !



This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]