OK - this had no chance of success since publish_date_desc is processed
using the _desc ( or _asc ) and any invalid data stripped
Date: Sunday, June 21, 2015 12:39:06 PM -0400
From: Aziz Saleh azizsa...@gmail.com
On Sun, Jun 21, 2015 at 9:19 AM, Lester Caine les...@lsces.co.uk wrote:
OK - this had no chance of success since publish_date_desc is
processed using the _desc ( or _asc ) and any invalid data
stripped
On Sun, Jun 21, 2015 at 9:19 AM, Lester Caine les...@lsces.co.uk wrote:
OK - this had no chance of success since publish_date_desc is processed
using the _desc ( or _asc ) and any invalid data stripped
But what does your application do when it gets an invalid SQL statement?
Maybe it is telling the attacker something important about your database so
that they can compromise it with the appropriate injection.
On 2:36PM, Sun, Jun 21, 2015 Lester Caine les...@lsces.co.uk wrote:
On 21/06/15 18:55,
On 21/06/15 20:14, Mark Murphy wrote:
But what does your application do when it gets an invalid SQL statement?
Maybe it is telling the attacker something important about your database so
that they can compromise it with the appropriate injection.
It just defaults to the first news article in
On 21/06/15 18:55, Richard wrote:
OK - this had no chance of success since publish_date_desc is
processed using the _desc ( or _asc ) and any invalid data
stripped
sort_mode=publish_date_desc%20or%20(1,2)=(select*from(select%20n