Pablo theres a ton of info in Google about SqlInject, but to be more specific
www.sqlsecurity.com Theres a nice paper about SQL inyects from M. Racciatti at http://www.hernanracciatti.com.ar/document/Tecnicas%20de%20SQL%20Injection%2 0-%20Un%20Repaso.pdf In that paper you have a lot of links with a TON of info about sql and more. Hope it helps. My $.02 \\-----Original Message----- From: Pablo Escobar [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 21, 2005 7:06 PM To: [email protected]; [email protected]; [email protected] Subject: how to exploit SQL INJECTION? Hello people, I made in my network website server with SQL with vulnerabilities to learn how to exploit it, I searched in google and i tried but dont work, the report of the nessus is: The following URLs seem to be vulnerable to various SQL injection techniques : /resources/expand_subject.asp?id='UNION' /resources/expand_subject.asp?id='UNION' /resources/expand_subject.asp?id='UNION' /resources/expand_subject.asp?id=' /resources/expand_subject.asp?id=' /resources/expand_subject.asp?id=' /resources/expand_subject.asp?id='%22 /resources/expand_subject.asp?id='%22 /resources/expand_subject.asp?id='%22 /resources/expand_subject.asp?id=9%2c+9%2c+9 /resources/expand_subject.asp?id=9%2c+9%2c+9 /resources/expand_subject.asp?id=9%2c+9%2c+9 /resources/expand_subject.asp?id='bad_bad_value /resources/expand_subject.asp?id='bad_bad_value /resources/expand_subject.asp?id='bad_bad_value /resources/expand_subject.asp?id=bad_bad_value' /resources/expand_subject.asp?id=bad_bad_value' /resources/expand_subject.asp?id=bad_bad_value' /resources/expand_subject.asp?id='+OR+' /resources/expand_subject.asp?id='+OR+' /resources/expand_subject.asp?id='+OR+' /resources/expand_subject.asp?id='WHERE /resources/expand_subject.asp?id='WHERE /resources/expand_subject.asp?id='WHERE /resources/expand_subject.asp?id=%3B /resources/expand_subject.asp?id=%3B /resources/expand_subject.asp?id=%3B /resources/expand_subject.asp?id='OR /resources/expand_subject.asp?id='OR /resources/expand_subject.asp?id='OR /resources/expand_subject.asp?id=' or 1=1-- /resources/expand_subject.asp?id=' or 1=1-- /resources/expand_subject.asp?id=' or 1=1-- /resources/expand_subject.asp?id= or 1=1-- /resources/expand_subject.asp?id= or 1=1-- /resources/expand_subject.asp?id= or 1=1-- /resources/expand_subject.asp?id=' or 'a'='a /resources/expand_subject.asp?id=' or 'a'='a /resources/expand_subject.asp?id=' or 'a'='a /resources/expand_subject.asp?id=') or ('a'='a /resources/expand_subject.asp?id=') or ('a'='a /resources/expand_subject.asp?id=') or ('a'='a now,how can I exploit it?,somebody can guide me plz?,thank u very much,good luck. _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
