TechKnow

Topic: How to inject an SQL query into a filtered field


tauheedkhan
How to inject an SQL query into a filtered field
« on: January 28, 2018, 09:13:35 AM »
Any suggestions on injecting an SQL query into a field where only alphanumeric input is accepted?

ERROR MESSAGE

Invalid input. Please press your browser's back button and re-attempt your submission.
Please double-check that the characters you entered are normal A-Z or 0-9 alphanumeric letters or numbers. If you are using any special symbols in your submission, please remove them, and then re-submit your request.

Example of special characters would be the following: [email protected]#$%^&*-(),+={}?:"
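As an added example, not part of the original post or of the linked articles, the code below reproduces the policy stated in that error message (a server-side allowlist of A-Z, a-z and 0-9) and puts it in front of a deliberately vulnerable string-concatenated query against an in-memory SQLite table with constructed sample rows. It shows three things side by side: the classic quote-based payload works against the bare concatenation, the same payload never reaches the SQL parser once the allowlist is enforced, and a parameterised query is safe with or without the filter. The bypass techniques in the replies below generally need at least one non-alphanumeric character (a quote, a space, a parenthesis, an operator) to survive the filter; a correctly enforced allowlist this strict leaves very little to work with, so the practical next step in a test is to confirm whether every other parameter (hidden fields, cookies, headers) gets the same check. The table, column and function names are assumptions.

```python
import re
import sqlite3

# The allowlist the error message describes: ASCII A-Z, a-z and 0-9 only.
# fullmatch() is used rather than match() with "$", which would accept a
# trailing newline, and an explicit ASCII class rather than str.isalnum()
# or \w, which both accept Unicode letters such as "é".
ALNUM = re.compile(r"[A-Za-z0-9]+")


def passes_filter(value: str) -> bool:
    """True if the value would survive the alphanumeric-only check."""
    return ALNUM.fullmatch(value) is not None


def make_db() -> sqlite3.Connection:
    """In-memory SQLite table with constructed sample rows (hypothetical schema)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, secret TEXT)")
    con.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    return con


def lookup_concat(con: sqlite3.Connection, username: str) -> list[str]:
    """Vulnerable on purpose: the field is concatenated straight into the SQL."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in con.execute(sql)]


def lookup_filtered(con: sqlite3.Connection, username: str) -> list[str]:
    """The same vulnerable query, but behind the allowlist from the error message."""
    if not passes_filter(username):
        raise ValueError("Invalid input: only A-Z and 0-9 are accepted")
    return lookup_concat(con, username)


def lookup_param(con: sqlite3.Connection, username: str) -> list[str]:
    """Parameterised: the value is bound by the driver and never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in con.execute(sql, (username,))]


# Classic quote-based payload (constructed): closes the string literal and
# appends a condition that is always true.
PAYLOAD = "x' OR '1'='1"


def demo() -> dict:
    """Run the payload and a benign value through all three lookups."""
    con = make_db()
    try:
        filtered = lookup_filtered(con, PAYLOAD)
    except ValueError:
        filtered = "rejected"
    return {
        "concat_payload": lookup_concat(con, PAYLOAD),     # every row: injection worked
        "filtered_payload": filtered,                      # "rejected": never reaches the parser
        "param_payload": lookup_param(con, PAYLOAD),       # []: the payload is only a literal
        "filtered_benign": lookup_filtered(con, "alice"),  # ["alice"]: normal use still works
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The allowlist here is a second line of defence, not the fix: `lookup_filtered` only protects the one field it is applied to, while `lookup_param` is safe for any input because the driver binds the value instead of splicing it into the statement.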

HcH
Re: How to inject an SQL query into a filtered field
« Reply #1 on: July 10, 2018, 11:19:59 AM »
Hello Tauheedkhan,

Hard filters can sometimes be bypassed; have a look at this article:

https://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/

HcH

NotBeyar
Re: How to inject an SQL query into a filtered field
« Reply #2 on: July 19, 2018, 07:43:30 PM »
I think OWASP did a well-written article about bypassing filters and firewalls.
https://www.owasp.org/index.php/SQL_Injection_Bypassing_WAF