Any webdev not checking their input and putting strings into a query from a web post should be put in an industry blacklist. Also foreigners should never be allowed to work on critical systems. Hell most citizens shouldn't be allowed to work on them either.
Prepared statements stop SQL injection cold. That and whitelisting is literally all you have to do. Why everyone isn't just using them is retarded. SQL injection is something that belongs in last century. Languages shouldn't even allow anything but prepared statements. Hell, they shouldn't even allow variables in the query. Just force the things that can't use prepared statements to be hard coded and do a switch on which prepared statement to use, or something like predefined whitelist variables; this way it's impossible to screw up--something like ?var. Pseudocode:
I occasionally tune into NPR radio to see what the latest outrage is coming down the line, and today it was how the 2,000 Mules 'debunked' 'fake documentary-style' movie is right-wing propaganda fueling conspiracy theories and violence.
You can get info by triggering errors which might go only to the screen or might go to an unmonitored log. You can also just inject a SHOW TABLES or DESCRIBE statement which wouldn't throw an error.
[ - ] allahead 7 points 1.5 years ago, Nov 3, 2022 16:28:08 (+7/-0)
[ - ] zr855 0 points 1.5 years ago, Nov 4, 2022 03:04:11 (+0/-0)*
Pseudocode:
?var=(option1, option2, option3)
update email, pass with ? ? orderby ?var
?var would be a special predefined db variable. In your prepared statements you could only use ? and ?vars, not ordinary variables.
https://www.youtube.com/watch?v=WONbg6ZjiXk
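An added example, not part of any comment in this thread: the approach zr855 describes, done with what Python's sqlite3 module already offers. Values go through ? placeholders, and the ORDER BY clause, which cannot be a bound parameter, is picked from a hard-coded allow-list. The table, rows and function names are constructed for illustration.

```python
import sqlite3

# Allow-list for the one part of the query that cannot be a bound parameter.
# Keys are what the client may send; values are hard-coded SQL fragments.
ORDER_BY = {
    "email": "email ASC",
    "newest": "created DESC",
    "oldest": "created ASC",
}

def make_db():
    """Build an in-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, "
               "domain TEXT, created INTEGER)")
    db.executemany(
        "INSERT INTO users (email, domain, created) VALUES (?, ?, ?)",
        [("bob@example.com", "example.com", 30),
         ("alice@example.com", "example.com", 10),
         ("carol@example.org", "example.org", 20)],
    )
    return db

def list_users(db, domain, sort_key):
    """Value is bound with ?; the ORDER BY text comes only from the allow-list."""
    try:
        order = ORDER_BY[sort_key]
    except KeyError:
        raise ValueError("unsupported sort key") from None
    sql = "SELECT email FROM users WHERE domain = ? ORDER BY " + order
    return [row[0] for row in db.execute(sql, (domain,))]

def update_email(db, user_id, new_email):
    """A bound parameter is stored as data even when it looks like SQL."""
    cur = db.execute("UPDATE users SET email = ? WHERE id = ?",
                     (new_email, user_id))
    db.commit()
    return cur.rowcount

if __name__ == "__main__":
    db = make_db()
    print(list_users(db, "example.com", "newest"))
    print(update_email(db, 1, "x'; DROP TABLE users; --"))
    print(list_users(db, "example.com", "email"))
```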
[ - ] La_Chalupacabra 2 points 1.5 years ago, Nov 3, 2022 18:40:28 (+2/-0)
No evidence to back up their claims; just tons of logical fallacies.
To be honest, I'm surprised they're even touching it with a 12 foot vaccinated cucumber; must be getting desperate.
[ - ] lord_nougat 2 points 1.5 years ago, Nov 3, 2022 17:15:00 (+2/-0)
[ - ] allAheadFull 1 point 1.5 years ago, Nov 3, 2022 20:13:07 (+1/-0)
[ - ] CoronaHoax 1 point 1.5 years ago, Nov 3, 2022 21:15:15 (+1/-0)
Inside job
[ - ] SecretHitler 0 points 1.5 years ago, Nov 4, 2022 07:01:34 (+0/-0)
[ - ] CoronaHoax 0 points 1.5 years ago, Nov 4, 2022 16:49:53 (+0/-0)
[ - ] SecretHitler 0 points 1.5 years ago, Nov 4, 2022 16:55:23 (+0/-0)
All of this depends on how the target is configured if it'll work or not.
[ - ] CoronaHoax 0 points 1.5 years ago, Nov 4, 2022 17:00:18 (+0/-0)
Double whammy for tardedness.
[ - ] SecretHitler 0 points 1.5 years ago, Nov 4, 2022 17:03:49 (+0/-0)
[ - ] deleted 0 points 1.5 years ago, Nov 4, 2022 08:38:34 (+0/-0)
[ - ] TheYiddler 0 points 1.5 years ago, Nov 4, 2022 06:18:25 (+0/-0)