Web programming question

**323** · 21 Apr. 2013 05:18pm

Also, the first URL is much less exploitable than the second. All SQL injections are through vuln.com/vuln.php?blabla=1 type URLs, not vuln.com/vuln/1 haha.

**Tree** · 21 Apr. 2013 05:27pm

Originally Posted by Flareboy323

Also, the first URL is much less exploitable than the second. All SQL injections are through vuln.com/vuln.php?blabla=1 type URLs, not vuln.com/vuln/1 haha.

That's not true, they are essentially the same thing either way. If an exploit can be applied to the PHP argument itemid, then an exploit would most likely als

rk through the second example.

**323** · 21 Apr. 2013 06:19pm

Originally Posted by Tree

That's not true, they are essentially the same thing either way. If an exploit can be applied to the PHP argument itemid, then an exploit would most likely als

rk through the second example.

Oh really? That's cool, I actually didn't know that. I figured the second one wouldn't be able to take the same type of input like the first one does, but I'm guessing you're correct.

**Artificial** · 22 Apr. 2013 01:28am

Originally Posted by Flareboy323

Also, the first URL is much less exploitable than the second. All SQL injections are through vuln.com/vuln.php?blabla=1 type URLs, not vuln.com/vuln/1 haha.

You're only right in the sense that, rewrite rules are often much more explicit. If you look at my regular expression pattern, I'm only accepting characters in the range of a-z, A-Z, 0-9 and - (and passing through some funky characters that aren't in the query string can often create a malformed URL. Still not impossible though).

Thread: Web programming question

LinkBack

Thread Tools

Search Thread

Rate This Thread

Display

Hybrid View

Posting Permissions