I don't know whether this is my lack of knowledge or whether this problem is actually unsolved.
We know that when you do injection against a website, the SQL injection code contains a single quote or a double quote. But actually, single quotes and/or double quotes are converted by SQL automatically. This matters because I want to attack SQL through a string object, not a numeric object. We know that for a numeric object we do not need single or double quotes in the SQL when writing the PHP code, so attacking it is easy. But for a string object, the PHP code has to put a single quote at the start and at the end.
- ' will become \'
- don't will become don\'t
- ' OR '1' = '1 will become \' OR \'1\' = \'1
I had found hex, decimal, HTML and ASCII codes for the single quote, but they still do not work (0xbf and 0x27).
Lastly, maybe you want to share your experience and knowledge; I'm still waiting for your comments below the post. Thanks.
Reference:
http://www.itshacked.com/344/bypassing-php-security-addslashes-while-sql-injection-attacks-is-possible.html
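
As an added example (not part of the original post or its reference): from the defender's side, the quotes in the three strings above stop mattering once values are bound as parameters instead of being escaped and concatenated, and the numeric case is covered by integer validation. The `users` table, its rows and the function names `findByName` and `findById` are constructed for illustration, and the pdo_sqlite extension is assumed so the script runs without a database server.

```php
<?php
// Added example; table, rows and inputs are constructed for illustration.
// Assumes the pdo_sqlite extension so it runs offline without a database server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'don''t')");

// String context: bind the value instead of escaping and concatenating it.
function findByName(PDO $pdo, string $name): array {
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Numeric context: no quotes surround the value, so quote escaping gives no
// protection there. Validate as an integer, then bind with an explicit type.
function findById(PDO $pdo, string $rawId): array {
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [];   // reject anything that is not a plain integer
    }
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The three strings from the post: what addslashes() produces for each, and
// how many rows the bound query returns when the same string is passed as data.
$inputs = ["'", "don't", "' OR '1' = '1"];
foreach ($inputs as $in) {
    printf("%-16s addslashes: %-24s bound query rows: %d\n",
        $in, addslashes($in), count(findByName($pdo, $in)));
}

// A quote inside a bound value is compared as plain data against the name column.
var_dump(findByName($pdo, "don't"));

// Non-integer input is rejected before any SQL is prepared; a clean integer is bound.
var_dump(findById($pdo, '1 OR 1=1'));
var_dump(findById($pdo, '2'));
```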