 |
|
 |
 |
Menu |
 |
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
 |
User Info |
 |
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 329
Members: 0
Total: 329
|
|
|
|
|
 |
Full disclosure |
 |
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
CVE-2025-59397 - Open Web Analytics SQL Injection
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
|
|
|
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
MS SQL Problem |
 |
Posted: Mon Apr 12, 2010 1:47 pm |
|
|
absorb |
Regular user |

 |
|
Joined: May 06, 2009 |
Posts: 14 |
|
|
|
 |
 |
 |
|
Hi, so I'm stuck at some point with MS SQL Injection. I started with adding ' at the end as usual. Site didn't change. Next I changed: the ?id=1' to ?id=-1'
Some values dissapeared, so it's a good sign (I think), added UNION ALL SELECT 1,2-- and got an error.
Then I used my own program to check the columns - 197 and the error was gone, but i got spammed with them all -_-. After changing some column number (for example with @@VERSION) the site still displays lots of data from the database but nothing changes. Tried with 196 columns = error, 197 and up = no error. Why I don't get and error with more than 197? I tried to add "+" between everything and it killed the "Syntax error" error... If anyone have any idea or questions - just ask and I'll post more pics or something. Thanks |
|
|
|
|
Posted: Mon Apr 12, 2010 5:41 pm |
|
|
VERTIGO |
Advanced user |

 |
|
Joined: Sep 25, 2008 |
Posts: 87 |
|
|
|
 |
 |
 |
|
|
|
|
|
Posted: Tue Apr 13, 2010 5:25 pm |
|
|
vince213333 |
Advanced user |

 |
|
Joined: Aug 03, 2009 |
Posts: 737 |
Location: Belgium |
|
|
 |
 |
 |
|
Hey absorb,
VERTIGO has pm'ed me the url.
I'm afraid SQLi isn't possible on this one.
As it turns out, mssql tries to convert the parameter to an integer, which is offcourse impossible if you add text to the parameter...
I think you won't be possible to exploit this one, or at least I can't. |
|
|
|
|
Posted: Tue Apr 13, 2010 6:18 pm |
|
|
absorb |
Regular user |

 |
|
Joined: May 06, 2009 |
Posts: 14 |
|
|
|
 |
 |
 |
|
K, thanks for the help guys.
PS. Actually a guy on hackforums PM'ed me some table.column values :O So it's maybe possible  |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|