Wonder How ToGadget HacksNext RealityNull Byte
Forum Thread

SQL Injection with 2 Parameters in LAN

Apr 9, 2015 05:36 PM
Apr 10, 2015 03:52 PM

I use cable broadband and my isp uses a captive portal to authenticate users. I was just examining the login page and saw that it php file to verify the user.

like /user_check.php?user_id=id&pass=pass . I tried to access this php directly by providing my id and pass manually the result was :

id=694 pass=1234

result:-

"SELECT * FROM login_master WHERE login_id = '694'pass -12341"

I tried using sql injection here but it doesn't seem to work.The pass is always appended with a '-' sign and ends with 1.

I know it is an Apache web server,database is mySQL and OS is CentOS.

How should i proceed next?

Thanks in advance.

Just updated your iPhone? You'll find new Apple Intelligence capabilities, sudoku puzzles, Camera Control enhancements, volume control limits, layered Voice Memo recordings, and other useful features. Find out what's new and changed on your iPhone with the iOS 18.2 update.

Related Articles

637263493835297420.jpg

How to Use Zero-Width Characters to Hide Secret Messages in Text (& Even Reveal Leaks)

636455706472146367.jpg

How to Hide DDE-Based Attacks in MS Word

Comments

No Comments Exist

Be the first, drop a comment!