Okay /g/.
Let's say, purely hypothetically ofcourse, that someone found that by turning off javascript and then entering apostrophes in a search field on a site you could produce an error message.
What would be the easiest way to exploit this, if possible at all?
by downloading all of their ram and using it for things like gifs and bandwidyh aggregation. but youd have to be super leet to really pull off something like that
unless the site is ancient, its backend is using a prepared query. Youre probably out od luck
>>51485080
Yeah ok. Thing is, this somene really just want to edit a record in one of their databases. It's a bit risky since this database also contains social security numbers. What are the odds of doing something like this unnoticed? Could the risk be worth it and how leet are we talking here?
>>51485139
I doubt they'll notice it if they're retarded enough not to sanitize inputs in 2015.
>>51485139
If the site and query being used are using outdated security (or none at all), this would be trivial to do.
However, chances are they are; and you will get caught.
>>51485127
Well that's a bummer then :/
>>51485063
just use sqlmap desu
>>51485164
This is why I was really surrprised to find this error.
>>51485166
Also this is what I feared. Perhaps it's not worth the risk if I even manage to pull it off. What's the worst thing that could happen? Prison?
>>51485242
Depends on where you live and what data you could have accessed, but prison may be a possibility.
Unless you have a very good reason, or don't care, don't try anything. It's not worth it.
If you want to practice shit like this, there's plenty of online resources to do it legally.
>>51485242
Just do it via Tor so it's not linked to your IP.
Whoever runs the Tor node at the end will just tell them to fuck off if you cycle circuits until you hit one in a good country.
