Login Register






SMTPMart - Buy Inbox SMTP | Leads | Shell | cPanel 100% Bonus on 1st deposit | Instant Refunds
ProxyByte $2/GB | Residential IPv4 - No Logs - 26M+ IPs - All unblocked
REFUNDING.GG | #1 REFUND SERVICE | SAME DAY REFUNDS | WORLDWIDE ORDERS | GET ITEMS 85% OFF
New Ownership - Policies and Changes Going Forward
The stories and information posted here are artistic works of fiction and falsehood. Only a fool would take anything posted here as fact.
Thread Rating:
  • 0 Vote(s) - 0 Average


How to find the Vul SQLi on the site filter_list
Author
Message
blackcobra Offline
Junior Member
Eleven Years of Service
Posts: 21
Threads: 5
Reputation: 0
Currency: 0 NSP
How to find the Vul SQLi on the site 02-22-2013, 03:26 AM #1
Hello

How can i find a SQLi on the site have extension *.hml or other extension.
ex: example.com/products.html

how can I find vul on that?

Thx

Reply

blackcobra Offline
Junior Member
Eleven Years of Service
Posts: 21
Threads: 5
Reputation: 0
Currency: 0 NSP
How to find the Vul SQLi on the site 02-22-2013, 03:26 AM #2
Hello

How can i find a SQLi on the site have extension *.hml or other extension.
ex: example.com/products.html

how can I find vul on that?

Thx

Reply

blackcobra Offline
Junior Member
Eleven Years of Service
Posts: 21
Threads: 5
Reputation: 0
Currency: 0 NSP
RE: How to find the Vul SQLi on the site 02-24-2013, 05:25 PM #3
Anyone can help me?

Thx

Reply

blackcobra Offline
Junior Member
Eleven Years of Service
Posts: 21
Threads: 5
Reputation: 0
Currency: 0 NSP
RE: How to find the Vul SQLi on the site 02-24-2013, 05:25 PM #4
Anyone can help me?

Thx

Reply

Cosmic_mybb_import11040 Offline
Banned
Eleven Years of Service
Posts: 18
Threads: 2
Currency: 12 NSP
RE: How to find the Vul SQLi on the site 02-25-2013, 12:36 AM #5
Don't double post if no one replies.

Reply

1llusion Offline
(<marquee>)
Twelve Years of Service
Posts: 3,799
Threads: 957
Reputation: 0
Currency: 37 NSP
RE: How to find the Vul SQLi on the site 02-25-2013, 10:36 PM #6
There are several techniques, please read some SQL injection tutorial to actually understand what you are looking for.
Staff will never ever ask you for your personal information.
We know everything about you anyway.

Website
Reply

blackcobra Offline
Junior Member
Eleven Years of Service
Posts: 21
Threads: 5
Reputation: 0
Currency: 0 NSP
RE: How to find the Vul SQLi on the site 02-26-2013, 03:50 AM #7
(02-25-2013, 10:36 PM)1llusion Wrote: There are several techniques, please read some SQL injection tutorial to actually understand what you are looking for.

I read, but the tutorial only show where u have ID not html or other extension file such chn...

Reply

1llusion Offline
(<marquee>)
Twelve Years of Service
Posts: 3,799
Threads: 957
Reputation: 0
Currency: 37 NSP
RE: How to find the Vul SQLi on the site 02-26-2013, 05:49 PM #8
(02-26-2013, 03:50 AM)blackcobra Wrote:
(02-25-2013, 10:36 PM)1llusion Wrote: There are several techniques, please read some SQL injection tutorial to actually understand what you are looking for.

I read, but the tutorial only show where u have ID not html or other extension file such chn...

Oh... euhmmm... read a bit about parameters and how they are sent to server. POST and GET methods and general stuff around.
A little introduction: http://www.w3schools.com/tags/ref_httpmethods.asp

if you have a URL of:
Code:
index.php?test=something
the ".php" is extension and "test=something" is parameter.
Staff will never ever ask you for your personal information.
We know everything about you anyway.

Website
Reply

blackcobra Offline
Junior Member
Eleven Years of Service
Posts: 21
Threads: 5
Reputation: 0
Currency: 0 NSP
RE: How to find the Vul SQLi on the site 02-28-2013, 04:54 AM #9
(02-26-2013, 05:49 PM)1llusion Wrote:
(02-26-2013, 03:50 AM)blackcobra Wrote:
(02-25-2013, 10:36 PM)1llusion Wrote: There are several techniques, please read some SQL injection tutorial to actually understand what you are looking for.

I read, but the tutorial only show where u have ID not html or other extension file such chn...

Oh... euhmmm... read a bit about parameters and how they are sent to server. POST and GET methods and general stuff around.
A little introduction: http://www.w3schools.com/tags/ref_httpmethods.asp

if you have a URL of:
Code:
index.php?test=something
the ".php" is extension and "test=something" is parameter.


Which tool I can find the parameter? Burp....?

Reply

Faner Offline
Member
Twelve Years of Service
Posts: 157
Threads: 8
Reputation: 0
Currency: 0 NSP
RE: How to find the Vul SQLi on the site 02-28-2013, 09:19 PM #10
Some websites uses that mod_rewrite or something like that, to change url.
For example I have seen the webpage
Code:
http://www.website.com/articles/science/spaceship_fuel.html
and after few tests turned out, that "spaceship_fuel" is GET parameter for sql. So to find sql injection vulnerability you need luck, experience and some brains. Basic web programming knowledge also helps.

Reply







Users browsing this thread: 2 Guest(s)