Jump to content

Help With Sql Injection


Recommended Posts

So basically the deal is I want to know if I should be worried.

I am doing something like this .asp?ID=1'

and I get back a blank page so I am assuming my only option is to do blind injection, but what else might this mean?

If it doesn't work then I get a different message saying the session has ended so seems like there might be a hole there. I need schooled on sql injection. I haven't tried seeing if there is a WAF in place or encoding I just tried to do the basics and want to make sure I understand what the blank page means.

Thanks guys

Link to comment
Share on other sites

Blank page might just mean they have error handling set to blank pages, or there really is no data returned and instead of a 404, they just server a blank page. Search for Joe McCray on YouTUBE. He does a lot of talks on sqli and a great place to start.

Link to comment
Share on other sites

Yeah I have been watching him I finally got a 404 page which was different than the blank page. I am starting to find out that SQL injection is a real PITA when going up against a pretty solid setup.

I used this and others like it and got the 404 page: if (select user) = 'sa' waitfor delay '0:0:10'

but it did not wait for 10 secs so it might be filtering all this stuff. I actually hope I can't get into it that way I know my vendors shit is secure and we aren't getting screwed.

Link to comment
Share on other sites

  • 5 months later...
  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...