
Dodging the annoying /s for quotes


n30

Member

Okay, right, I found this site that is possibly vulnerable to SQL injection, one problem: it changes ' to \'. Any ideas on how to get around it? I know it's possible, because someone emailed me about MY site showing how he got around it, but my email account was locked, so I can't see it.

Thanx in advance B)


Uber0n

Member

n30 wrote: it changes ' to \'

Google for addslashes(). That is a way to prevent exploits…


ghost

But addslashes is hackable, they should be using mysql_real_unesape

Check here


ghost

mozzer wrote: But addslashes is hackable, they should be using mysql_real_unesape

Check here

But that's under a non-default configuration of PHP.


ghost

Works only in Chinese :angry: