SQL Injections

Posted by ghimau under
Hmm.. Its been quite a while since I'm been playing with these stuff. Actually during this Ramadhan.. I'm quite tired to do this hacking stuff.

For a couple of weeks I'm been reading the old version of Hacking Exposed Web Application..eventhough its old, but it provides a strong doundation and understanding in 'hacking' and securing your web applications.

Tested a bug from milworm, more sql injections :) The actual script from milworm is like this :


Change it a bit, and I got full path disclosure :) Nice.

If I have time, i would try to enumerate the user tables also :)
Well the countermeasures : Do not be very kind to display those 'hacker's friendly' error/warning message. Do your own custom message to obfucaste the real one. Hihhihi


On 1 March 2009 at 15:13 , Anonymous said...

http://bprdanapos.com/ :)