«
»

SQL

%2527 trick …
No. zakaj gre pri %2527 Triku ? Če imamo kakšno preverjanje tega kar nam pošlje uporabnik (POST, GET, ..) in iščemo enojni narekovaj, lahko s tem v določenih primerih “pridemo mimo”.

Če spustimo skozi, urldecode za string %2527 dobimo %27 in če gre urldecode še enkrat skozi dobimo enojni narekovaj, dalje pa vemo kako in kaj … Smile .

Še nekaj povezav …
sql injection by Rsnake
sql injection by Justin Shattuck
sql injection by …
MySQL cheat sheets

in pa …
mysql_real_escape_string
mysql-inputoutput-validation

Tags: ,

This entry was posted on Thursday, May 1st, 2008 at 07:25 and is filed under SQL. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

Click to Insert Smiley