2

I am trying to simulate an SQL injection on a VM Apache server. The query I send is being converted into the part of a parameter's value i.e an escape function is restricting me. For example if I enter ' Or 1=1;-- it will include the single quote along with the rest and consider it a singular value, thus restricting me from implementing a successful injection. The PHP version is Zend 2.3. SQLite DB.

Again this is an educational exercise. Only need a hint. Not the entire answer. Thanks in advance.

SilverlightFox
  • 33,408
  • 6
  • 67
  • 178
shezi27
  • 63
  • 4
  • 3
    might be helpful to show your http request and the server's response – KDEx Dec 09 '15 at 17:56
  • That's because a server firewall is being used block the sql injection. That's the point. – desbest Dec 09 '15 at 18:07
  • @Mogoroth Basically its a simple post request. The server checks the login twofold. Once the Username, then the hashed password. The username check uses an escape function. I wanted to know if there was another way to bypass the initial escape function. – shezi27 Dec 09 '15 at 18:18
  • try counteracting the ' ... and escapes or more ' ;) you have to think about it, there is nothing wrong with adding more parameters, though zend could be working differently and escaping them on the back end? share the code T__T – TheHidden Dec 10 '15 at 09:09
  • How can you be certain of that @desbest? There are many other possibilities for a SQLi failing. – Neil Smithline Dec 19 '15 at 19:15

0 Answers0