Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: BLIND SQL Injection Question

from [George A. Theall] Network Security [Permanent Link]
Subject: Re: BLIND SQL Injection Question
Date: Thu, 13 Dec 2007 11:54:42 -0500 
On 12/13/07 10:46, Yanyan Wang wrote:


The result might be alse positive as

foo.cgi?email=valid+sql returns "'valid+sql' is not a valid email".

foo.cgi?email=invalid+sql returns "'invalid+sql' is not a valid
email".

returned the same value, but the page is not accessing sql in that
page.


Are you able to show  exactly what is returned?


I'm just perplexed why would same identical scan return two different
reports.


A timeout issue? Content filtering? ... hard to say really.

Btw, as Renaud asked before, which revision of the plugin were you using
when you ran the scans?


Would it have anything to do with this bug?

req = http_get(item:bogus_vrequest, port:port); bres =
http_keepalive_send_recv(port:port, data:req);

if (egrep(string:bres, pattern:"^HTTP/1\..*200 OK")) { exit(0); }


Could you explain what you're referring to, especially as it relates to
the different results you experienced?


George
-- 
theall@tenablesecurity.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: XSL for ".nessus" format, Mike . Vasquez
Next by Date:  Fetching the vuln data remotely, Dheerendra Madhusudhana
Previous by Thread:  Re: BLIND SQL Injection Question, Yanyan Wang
Next by Thread:  Re: BLIND SQL Injection Question, Renaud Deraison (lists)
Indexes:  [Date] [Thread] [Top] [All Lists]