I poked a single quotation mark into the search in a subject and found a very nice message: Server Error in '/' Application. Unclosed quotation mark after the character string ''.
Next: enter any SQL keyword, for example OR. Oh, a miracle! An error again, but a different one: Server Error in '/' Application. Incorrect syntax near the keyword 'OR'.
That is, it turns out that no one escapes the search string. What do we get from this? ;-)
')
Link to the vulnerable page
here
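The two probes from the post, run against a concatenated query and against a bound-parameter query, as an added example that is not code from the original post or the affected site. It uses SQLite in place of the site's database, and the table, the columns and the shape of the query are assumptions, since the post does not show the real statement.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (subject_id INTEGER, title TEXT)")
    db.executemany("INSERT INTO posts VALUES (?, ?)",
                   [(1, "welcome"), (2, "release notes")])
    return db

def search_concat(db, term):
    # Unescaped form: the search term becomes part of the SQL text,
    # so the parser sees whatever the user typed.
    sql = "SELECT title FROM posts WHERE subject_id = " + term
    return [row[0] for row in db.execute(sql)]

def search_bound(db, term):
    # Parameterized form: the term is bound as a value and is never
    # parsed as SQL, whatever characters or keywords it contains.
    sql = "SELECT title FROM posts WHERE subject_id = ?"
    return [row[0] for row in db.execute(sql, (term,))]

def probe(db, term):
    """Return (concatenated outcome, bound outcome) for one search term."""
    try:
        concat = search_concat(db, term)
    except sqlite3.Error as exc:
        # A parser error reaching the user is the signal the post describes.
        concat = "SQL error: " + str(exc)
    return concat, search_bound(db, term)

if __name__ == "__main__":
    db = make_db()
    # "2" is an ordinary search; "'" and "OR" are the inputs from the post.
    for term in ["2", "'", "OR"]:
        print(repr(term), "->", probe(db, term))
```

With the bound query both probes simply match nothing, so no parser error ever reaches the page.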