16  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: SQL Injection Question on: November 15, 2012, 05:36:03 AM
Hmm wouldn't you know right after I didn't think I could figure it out and posted the question, I think I might understand now..

Is it to make sure the last AND is not executed, as we don't want it to return blank passwords.. just all users? Or one user if we specify one.. ?

Thanks again!! :)
17  Ethical Hacking Discussions and Related Certifications / Web Applications / SQL Injection Question on: November 15, 2012, 05:29:35 AM
Hey All,

I've been trying to work more on learning SQL syntax to better understand injection statements.  I came across an example, and I'm not sure I understand it completely.

They are detailing a sample authentication bypass, initially they put a purposefully wrong statement of:

SELECT * FROM admins WHERE (user = '' OR '1'='1') AND (pass = '')

They said it was wrong, as it would only match users with blank passwords and I can see that, the parentheses change the order of operation.

This is what they suggested as the correct statement:

SELECT * FROM admins WHERE user = '' OR 1=1 OR '1'='1' AND pass = ''

Why are the two true conditions in there.. not sure why that fixes it?

If anyone could explain that, I would really appreciate it - it's stuck in my head, so I've been trying to find an answer!

Thanks in advance for all the help!

-DV :)
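Added example, not part of the original post: the two statements quoted above, run against a small SQLite table to show how AND binding tighter than OR changes the result, next to a parameterized login that treats the same field text as data. The sample rows, the helper names (`make_db`, `users`, `login`) and `FIELD_TEXT` are assumptions made for this illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names follow the post.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (user TEXT, pass TEXT)")
    db.executemany("INSERT INTO admins VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "")])
    return db

# The two statements exactly as quoted in the post.
GROUPED = "SELECT * FROM admins WHERE (user = '' OR '1'='1') AND (pass = '')"
UNGROUPED = "SELECT * FROM admins WHERE user = '' OR 1=1 OR '1'='1' AND pass = ''"
# UNGROUPED with the grouping the SQL parser applies made explicit:
# AND is evaluated before OR, so the password test is only one OR branch.
EXPLICIT = "SELECT * FROM admins WHERE user = '' OR 1=1 OR ('1'='1' AND pass = '')"

# The text sitting between the quotes of the user field in UNGROUPED.
FIELD_TEXT = "' OR 1=1 OR '1'='1"

def users(db, sql, params=()):
    """Return the sorted user names of the rows a statement matches."""
    return sorted(row[0] for row in db.execute(sql, params))

def login(db, user, password):
    # Hardened form: placeholders bind the input as values, so quotes and
    # OR/AND keywords inside it never become part of the WHERE clause.
    return users(db, "SELECT * FROM admins WHERE user = ? AND pass = ?",
                 (user, password))

if __name__ == "__main__":
    db = make_db()
    print("grouped   :", users(db, GROUPED))      # password test still applies
    print("ungrouped :", users(db, UNGROUPED))    # password test is bypassed
    print("explicit  :", users(db, EXPLICIT))     # same rows as ungrouped
    print("bound text:", login(db, FIELD_TEXT, ""))
    print("real login:", login(db, "alice", "s3cret"))
```

With the parentheses in place, the password comparison is ANDed with the whole user test; without them it is only attached to the last `'1'='1'`, so `1=1` alone makes every row match.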
18  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: OSCP - Two weeks in. on: November 01, 2012, 05:50:28 PM
Congratulations! Catalyst256! =)
19  EH-Net / Greetings / Re: Greetings and salutations! on: October 29, 2012, 05:17:00 AM
Welcome!  I've been reading up on some Computer Forensics items recently, I think the subject is fascinating.

-DV
20  EH-Net / News Items and General Discussion About EH-Net / Re: [Article]-September 2012 Free Giveaway Winner of ACE Hacklebox™ on: October 26, 2012, 11:45:08 AM
Congratulations! What an awesome prize :)

-DV
21  EH-Net / Greetings / Re: Greetings ;) on: October 23, 2012, 07:18:36 PM
My friend had an Atari, I believe it was an XL too.. not sure though it's been quite a while.. was pretty sweet :)
22  EH-Net / Greetings / Re: Greetings ;) on: October 22, 2012, 06:27:05 PM
Thanks for all the welcomes! :)

I've been in the Information Tech. field for 10+ years, but computers have always been a hobby/passion.  The subject of Ethical Hacking has always been my greatest interest, even before I knew that's what it was called..

My favorite Christmas is still the one where I got a Trash 80 =D !

I have a few certifications under my belt, and I'm trying to transition into the Info Sec field, hopefully to work as a pen. tester.

I love reading this forum - so keep up the good work!!

-DV
23  EH-Net / Greetings / Greetings ;) on: October 21, 2012, 07:31:45 PM
I have to be honest, I've been something of a watch only member for a while..!  Everyone does such a good job of asking/answering questions, I can usually find it on here :)

Just thought I would say hi, before posting officially ;)

Thanks for all the great information!

-DV
© 2013 The Ethical Hacker Network