hassssssiktir! takdire sayan
|
bakomdej123: very true.... :) oh yes
|
thats pretty slick .. not sure where your using sql tho lol .. the sad thing about this is its a school site that was prolly wrote by some kid taking some basic javascript an html class's using code from the first pages of the books
|
the thing he typed into the password field was SQL.
i agree that was basic javascript. the point though is that even advanced javascript is still client-side security. this needs to be blocked on the server side to be effective.
|
i understand all that .. but sql is not by fav lang .. mostly because i dont really have use for it .. but i do know what it is and how its used .. just not sure what the sql code he put in the password means .. im sure that its being posted to something like php or other server side script .. but not sure what it does once it gets there
|
he's adding a condition that's universally true (1=1) so that he gets let in. the first part: select * from users where username = '' and password = '' he doesn't know what those values are. so he adds OR 1 = 1 which tells the sql server to return the records anyway even if the username and password are wrong.
|
yo man thx this video is one of the best here on youtube
|
lol at the 'maxlength' remark xD
|
mean people suck....
|
A. Learn to type/spell.
B. He said he was asked to test the security of the website.
C. This is what he has done with his life, Tell me what you have done.
-He was doing this in the first place help-
"i think u know something that can be good to servers and admins"
|
3 : 24 
2006©Viduz.com All Rights Reserved. All Video materials brought by YouTube.com