I have two versions of a website. The first one has no security precautions against SQL injections. So if I try something like:
Username: hello_world Password: 'or' 1=1
I'll be signed in as the user hello_world.
The second version of the website escapes single quotes to two single quotes. So the first attack I used on the first version doesn't work. When I get a successful login on the first version, I get a response that says:
username = hello_world & password = %27%20or%20%27%201%3D1
So all of the special characters are being replaced by their hex value. When I try something like this:
Username = hello_world
Password = %27%20or%20%27%201%3D1
In the second version of the site, it doesn't work (because the % is being changed to its hex value).
Is there a way I can log in as the user hello_world?
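The behaviour described in the question, reproduced as an added example that is not part of the original post: the payload is percent-encoded once on submit and decoded once by the server, so typing the encoded form into the field only delivers literal `%27` characters. The in-memory SQLite table, the stored password and all function names are assumptions made for illustration; a bound-parameter login is shown beside the two versions from the post.

```python
import sqlite3
from urllib.parse import parse_qs, quote, urlencode

PAYLOAD = "' or ' 1=1"  # decoded form of the password value shown in the post

def make_db():
    # Constructed sample data; the real site's schema is not known.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('hello_world', 'correct-horse')")
    return db

def login_v1(db, user, pw):
    # Version 1: input concatenated into the SQL text, so a quote ends the literal.
    q = f"SELECT 1 FROM users WHERE username = '{user}' AND password = '{pw}'"
    return db.execute(q).fetchone() is not None

def login_v2(db, user, pw):
    # Version 2: each single quote doubled, so the input stays inside the literal.
    user, pw = user.replace("'", "''"), pw.replace("'", "''")
    q = f"SELECT 1 FROM users WHERE username = '{user}' AND password = '{pw}'"
    return db.execute(q).fetchone() is not None

def login_param(db, user, pw):
    # Bound parameters: the values never become part of the SQL text at all.
    q = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return db.execute(q, (user, pw)).fetchone() is not None

def round_trip(user, pw):
    # What a form submit puts on the wire, and what the server sees after
    # decoding it exactly once.
    wire = urlencode({"username": user, "password": pw}, quote_via=quote)
    return wire, parse_qs(wire)["password"][0]

if __name__ == "__main__":
    db = make_db()
    for name, fn in (("v1", login_v1), ("v2", login_v2), ("param", login_param)):
        print(name, "payload:", fn(db, "hello_world", PAYLOAD),
              "real password:", fn(db, "hello_world", "correct-horse"))
    print(round_trip("hello_world", PAYLOAD))
    # Typing the already-encoded text gets its '%' encoded again as %25.
    print(round_trip("hello_world", quote(PAYLOAD)))
```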