You've Got LAMERZ!!!

danielwang
Village Idiot
Joined: Fri May 03, 2002 12:17 am
Location: Denver, CO Banned: Several times!

Post by danielwang » Mon Jan 13, 2003 1:43 am

Boy, it sure is tempting to play with input parse flag injection escaping on these occasions... I wasn't even hacking around - just trying to fill out a form and BAM! On 2 or 3 separate occasions today, I have had problems with using ' " and other symbols in forms... you've got lazy lamerz.


www1, Newtype Magazine wrote: An error has occured while connecting to the datab1tch:

Syntax error (mising operator) in query expression '(involving the use of /)'."

sConnectionString=Provider=DatabaseSoftware.ABC.DEFGH.1.2.3;Data SOurce=c:/the/websites/database/store.db

web01, Honda wrote: Project Address.exe raised exception class EDBEngineError with
'Network initilization failed. Drive not ready. File:
REP-1291 CF... invalid reset group... booring!

Some days I just feel like filling out a form with:
You_sucker/"'DELETE ALL users WHERE name.Fname BEGINS WITH a OR ''='' "


Post by danielwang » Mon Jan 13, 2003 1:50 am

I might just as well post the web directory information, host information, software versions, OS, and open ports, but you can figure it out yourself...

my gawd, someone's been lazy and forgot to include a
replace("'","''")
in their parsers. augh, damn unescaped escapes. if some lamer starts hacking Hondacars.com or Newtype-usa.com, the first one deserved what they got. The second one almost does... hm, request a quote on a nice new Acura, and request superuser permissions as well. eww.


maybe i'll send a simple email to the sysadmins with the body containing only their server directories... wouldn't that be FUN?
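
Added example, not part of the original thread: the form failure described in the posts above, reproduced with ordinary input, next to the quote-doubling fix the post mentions and the parameter-binding fix that removes the problem class. Python's `sqlite3` stands in for the sites' unknown database; the table, function names and sample input are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory table standing in for a site's form backend."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE quotes (name TEXT, comment TEXT)")
    return db

def insert_concatenated(db, name, comment):
    """Weak form: user input is pasted straight into the SQL text."""
    sql = "INSERT INTO quotes VALUES ('" + name + "', '" + comment + "')"
    db.execute(sql)

def insert_quote_doubled(db, name, comment):
    """The replace("'", "''") fix: only covers values inside '...' literals."""
    esc = lambda s: s.replace("'", "''")
    db.execute("INSERT INTO quotes VALUES ('" + esc(name) + "', '"
               + esc(comment) + "')")

def insert_bound(db, name, comment):
    """Preferred: placeholders keep the data out of the SQL parser entirely."""
    db.execute("INSERT INTO quotes VALUES (?, ?)", (name, comment))

def handle_form(db, insert, name, comment):
    """Return the text a visitor sees; failure details stay on the server."""
    try:
        insert(db, name, comment)
        return "ok"
    except sqlite3.Error:
        # Log the exception server-side (omitted here); never echo the query,
        # driver name or connection string back to the browser.
        return "Sorry, something went wrong."

def stored(db):
    """Rows currently in the constructed table."""
    return db.execute("SELECT name, comment FROM quotes").fetchall()

if __name__ == "__main__":
    sample = ("O'Brien", 'size 5/8" bolt')  # constructed, harmless form input
    for fn in (insert_concatenated, insert_quote_doubled, insert_bound):
        db = make_db()
        print(fn.__name__, handle_form(db, fn, *sample), stored(db))
```
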


Post by danielwang » Mon Jan 13, 2003 2:02 am

UPDATE!!!!
Newtype, again, wrote: Syntax error in INSERT INTO statement...

same old Dabab1tch info....
I can't seem to reproduce the Honda sh1t though. Must've been a fluke.

Now, how do I do SQL Injection again? Yeah, escape the parser and do parameter poisoning, then loop back in!


Post by danielwang » Mon Jan 13, 2003 2:18 am

NEVERMIND THIS ARTICLE!

I emailed, they fixed. How responsive.

El Banana
Joined: Wed Nov 06, 2002 10:30 pm
Location: somewhere...

Post by El Banana » Mon Jan 13, 2003 2:48 am

I can't help but feel sad for the lonely, quadruple post.
Now at least it'll have company.
