Kindly dont spoil my site but try to find flaws and report to me

blueman378 · December 23, 2008

lol /owned

aximbigfan · December 23, 2008

So now Its 99.99999999% SQLINJ free.

I can assure you it is not. The 'bad guys' out there are always trying to come up with new tricks. You might be now secured against most popular attacks, but you can never be sure 99.99999999% sure (I'd expect someone with your background to know, that a figure like 99.99999999% is useless, as it is virtually equal to 100%).

Anyways, congratulations on progress so far. If you could just come up with some more eye pleasing layout...

In a month they'll be buying it.

What do you mean by it?

Why a month, who you are considering to buy and what?

It was my comment on the fact, that despite your site was deemed as a hopeless case by most people here, they are still helping you.

Very true, In our country, especially my mom taught me one proverb "I one is there to hit a palm tree's head, there will be some one to hit that fellows head".

And you see now you are understanding GOD.

"IN LIFE THERE WILL BE UPS AND DOWNS TO MAKE A CYCLE".

My friend's dad taught me a proverb too, "Man who stand on toilet high on pot".

Also, please post you "intelligence" code. I don't see why anything like that would be necessary though...

Chris

om · December 23, 2008

OM what you said is not true at all. you have injection in your code and your making excuses to cover it up. i am not very impressed.

No not at all, i was giving my frank opinion, well by the time i posted the new logic, it worked fine with zero, but the code had some programmer made logical bugs which took about 15 hrs to bug out[Last 32]hrs I hardly slept, down for couple of min.

Just now Hopefully 5 to 6 login tests performed for almost all types.

So the code is inherently at logical level, rather than php level secured.

Failures:

0

Warnings:

0

Passes:

131580

SQL Injection String Test Results

hregcd

Submitted Form State:

* hu_grp_id: ++

* hcuna: ++

* huid: ++

* htpwd: ++

* htpwd1: ++

* ribtn: ++ Change / Refresh Image

* cbe: ++

* jbs_reg: ++Register

Results:

This field passed 14620 tests. To see all the passed results, go to Tools->SQL Inject Me->Options and click 'Show passed results in final report' and rerun this test.

hu_grp_id

Submitted Form State:

* hregcd: ++

* hcuna: ++

* huid: ++

* htpwd: ++

* htpwd1: ++

* ribtn: ++ Change / Refresh Image

* cbe: ++

* jbs_reg: ++Register

Results:

This field passed 14620 tests. To see all the passed results, go to Tools->SQL Inject Me->Options and click 'Show passed results in final report' and rerun this test.

hcuna

Submitted Form State:

* hregcd: ++

* hu_grp_id: ++

* huid: ++

* htpwd: ++

* htpwd1: ++

* ribtn: ++ Change / Refresh Image

* cbe: ++

* jbs_reg: ++Register

Results:

This field passed 14620 tests. To see all the passed results, go to Tools->SQL Inject Me->Options and click 'Show passed results in final report' and rerun this test.

huid

Submitted Form State:

* hregcd: ++

* hu_grp_id: ++

* hcuna: ++

* htpwd: ++

* htpwd1: ++

* ribtn: ++ Change / Refresh Image

* cbe: ++

* jbs_reg: ++Register

Results:

This field passed 14620 tests. To see all the passed results, go to Tools->SQL Inject Me->Options and click 'Show passed results in final report' and rerun this test.

htpwd

Submitted Form State:

* hregcd: ++

* hu_grp_id: ++

* hcuna: ++

* huid: ++

* htpwd1: ++

* ribtn: ++ Change / Refresh Image

* cbe: ++

* jbs_reg: ++Register

Results:

This field passed 14620 tests. To see all the passed results, go to Tools->SQL Inject Me->Options and click 'Show passed results in final report' and rerun this test.

htpwd1

Submitted Form State:

* hregcd: ++

* hu_grp_id: ++

* hcuna: ++

* huid: ++

* htpwd: ++

* ribtn: ++ Change / Refresh Image

* cbe: ++

* jbs_reg: ++Register

Results:

This field passed 14620 tests. To see all the passed results, go to Tools->SQL Inject Me->Options and click 'Show passed results in final report' and rerun this test.

ribtn

Submitted Form State:

* hregcd: ++

* hu_grp_id: ++

* hcuna: ++

* huid: ++

* htpwd: ++

* htpwd1: ++

* cbe: ++

* jbs_reg: ++Register

Results:

This field passed 14620 tests. To see all the passed results, go to Tools->SQL Inject Me->Options and click 'Show passed results in final report' and rerun this test.

cbe

Submitted Form State:

* hregcd: ++

* hu_grp_id: ++

* hcuna: ++

* huid: ++

* htpwd: ++

* htpwd1: ++

* ribtn: ++ Change / Refresh Image

* jbs_reg: ++Register

Results:

This field passed 14620 tests. To see all the passed results, go to Tools->SQL Inject Me->Options and click 'Show passed results in final report' and rerun this test.

jbs_reg

Submitted Form State:

* hregcd: ++

* hu_grp_id: ++

* hcuna: ++

* huid: ++

* htpwd: ++

* htpwd1: ++

* ribtn: ++ Change / Refresh Image

* cbe: ++

Results:

This field passed 14620 tests. To see all the passed results, go to Tools->SQL Inject Me->Options and click 'Show passed results in final report' and rerun this test.

Results genenerated on December 23, 2008 for http://www.ucy.in/cmb/sp_cmregis1.php?72b518d0c30f7358dc8ad8700f8e4584

here is a tip, that I [used] hate and love the most : "DIVIDE AND RULE", WHICH PreIndependent Indian days [olden day britisher ] used it to conquer India, for economic exploitation.

Maq · December 23, 2008

Listen om, please make a new thread in the security section. We already critiqued your site and you've gotten enough feedback. Every time I click on, "Show new replies to your posts." your thread is the first one to pop up and it's getting very annoying because for some reason I always have to reply.

So the code is inherently at logical level, rather than php level secured.

No, your site is insecure in more than PHP nor is it logical.

darkfreaks · December 23, 2008

OM you still have injection in the following variables i will not lie.

Unsafe Injection Found in : hregcd

darkfreaks · December 23, 2008

SQL Injection String Tests Summary (131580 results recorded)

Failures:

4

Warnings:

0

Passes:

131576

SQL Injection String Test Results

hregcd

Submitted Form State:

* hu_grp_id: ++

* hcuna: ++

* huid: ++

* htpwd: ++

* htpwd1: ++

* ribtn: ++ Change / Refresh Image

* cbe: ++

* jbs_reg: ++Register

Results:

Server Status Code: 302 Found

Tested value: &#49&#39&#32&#79&#82&#32&#39&#49&#39&#61&#39&#49

Server Status Code: 302 Found

Tested value: 1' OR '1'='1

Server Status Code: 302 Found

Tested value: %31%27%20%4F%52%20%27%31%27%3D%27%31

Server Status Code: 302 Found

Tested value: 1 AND ASCII(LOWER(SUBSTRING((SELECT TOP 1 name FROM sysobjects WHERE xtype='U'), 1, 1))) > 116

This field passed 14616 tests. To see all the passed results, go to Tools->SQL Inject Me->Options and click 'Show passed results in final report' and rerun this test.

Maq · December 23, 2008

I get 5... What is going on om?!

SQL Injection String Tests Summary (102340 results recorded)

Failures:

5

Warnings:

0

Passes:

102335

darkfreaks · December 23, 2008

The scanner keeps Fluctuating sometimes it is none sometimes 3 sometimes 5 sometimes 7. i just wanted to prove the theory of his 'logic'

ardyandkari · December 24, 2008

his intelligent programming logic only allows prime numbers of vulnerabilities through...maybe it is smart!

seriously though om...if there are people in here who will scan for errors and not do anything malicious then i can guarantee that someone out there will find your site too annoying to stand and just break it for the heck of it.

fix the errors and then ask for help. also, dont demand help or place a timeframe. we have given you critiques, suggestions for layouts, suggestions for code changes, COMPLETE CODES...the list goes on. fix the problems and then we'll see what you can change next. dont say that your code is intelligent, because if it was people wouldnt be able to inject your site...(or maybe it would just shut the site down for the sake of mankind)

please fix the problems and then post. and make sure they are fixed.

ardyandkari · December 24, 2008

btw. your site doesnt validate either in the html or css...DONT PUT THE LINKS ON THE SITE IF IT DOESNT VALIDATE!

you just end up looking dumb...also, i still would quit using iframes if i were you.

aximbigfan · December 24, 2008

OM what you said is not true at all. you have injection in your code and your making excuses to cover it up. i am not very impressed.

No not at all, i was giving my frank opinion, well by the time i posted the new logic, it worked fine with zero, but the code had some programmer made logical bugs which took about 15 hrs to bug out[Last 32]hrs I hardly slept, down for couple of min.

Just now Hopefully 5 to 6 login tests performed for almost all types.

So the code is inherently at logical level, rather than php level secured.

Failures:

0

Warnings:

0

Passes:

131580

SQL Injection String Test Results

hregcd

Submitted Form State:

* hu_grp_id: ++

* hcuna: ++

* huid: ++

* htpwd: ++

* htpwd1: ++

* ribtn: ++ Change / Refresh Image

* cbe: ++

* jbs_reg: ++Register

Results:

This field passed 14620 tests. To see all the passed results, go to Tools->SQL Inject Me->Options and click 'Show passed results in final report' and rerun this test.

hu_grp_id

Submitted Form State:

* hregcd: ++

* hcuna: ++

* huid: ++

* htpwd: ++

* htpwd1: ++

* ribtn: ++ Change / Refresh Image

* cbe: ++

* jbs_reg: ++Register

Results:

This field passed 14620 tests. To see all the passed results, go to Tools->SQL Inject Me->Options and click 'Show passed results in final report' and rerun this test.

hcuna

Submitted Form State:

* hregcd: ++

* hu_grp_id: ++

* huid: ++

* htpwd: ++

* htpwd1: ++

* ribtn: ++ Change / Refresh Image

* cbe: ++

* jbs_reg: ++Register

Results:

This field passed 14620 tests. To see all the passed results, go to Tools->SQL Inject Me->Options and click 'Show passed results in final report' and rerun this test.

huid

Submitted Form State:

* hregcd: ++

* hu_grp_id: ++

* hcuna: ++

* htpwd: ++

* htpwd1: ++

* ribtn: ++ Change / Refresh Image

* cbe: ++

* jbs_reg: ++Register

Results:

This field passed 14620 tests. To see all the passed results, go to Tools->SQL Inject Me->Options and click 'Show passed results in final report' and rerun this test.

htpwd

Submitted Form State:

* hregcd: ++

* hu_grp_id: ++

* hcuna: ++

* huid: ++

* htpwd1: ++

* ribtn: ++ Change / Refresh Image

* cbe: ++

* jbs_reg: ++Register

Results:

This field passed 14620 tests. To see all the passed results, go to Tools->SQL Inject Me->Options and click 'Show passed results in final report' and rerun this test.

htpwd1

Submitted Form State:

* hregcd: ++

* hu_grp_id: ++

* hcuna: ++

* huid: ++

* htpwd: ++

* ribtn: ++ Change / Refresh Image

* cbe: ++

* jbs_reg: ++Register

Results:

This field passed 14620 tests. To see all the passed results, go to Tools->SQL Inject Me->Options and click 'Show passed results in final report' and rerun this test.

ribtn

Submitted Form State:

* hregcd: ++

* hu_grp_id: ++

* hcuna: ++

* huid: ++

* htpwd: ++

* htpwd1: ++

* cbe: ++

* jbs_reg: ++Register

Results:

This field passed 14620 tests. To see all the passed results, go to Tools->SQL Inject Me->Options and click 'Show passed results in final report' and rerun this test.

cbe

Submitted Form State:

* hregcd: ++

* hu_grp_id: ++

* hcuna: ++

* huid: ++

* htpwd: ++

* htpwd1: ++

* ribtn: ++ Change / Refresh Image

* jbs_reg: ++Register

Results:

This field passed 14620 tests. To see all the passed results, go to Tools->SQL Inject Me->Options and click 'Show passed results in final report' and rerun this test.

jbs_reg

Submitted Form State:

* hregcd: ++

* hu_grp_id: ++

* hcuna: ++

* huid: ++

* htpwd: ++

* htpwd1: ++

* ribtn: ++ Change / Refresh Image

* cbe: ++

Results:

This field passed 14620 tests. To see all the passed results, go to Tools->SQL Inject Me->Options and click 'Show passed results in final report' and rerun this test.

Results genenerated on December 23, 2008 for http://www.ucy.in/cmb/sp_cmregis1.php?72b518d0c30f7358dc8ad8700f8e4584

here is a tip, that I [used] hate and love the most : "DIVIDE AND RULE", WHICH PreIndependent Indian days [olden day britisher ] used it to conquer India, for economic exploitation.

It's sad to know you are wasting your time. IF you are spending 15 hours to repair your own errors, you need to REALLY relearn PHP and MySQL. I spend maybe an hour at most at the end of a "complex" project making sure it works as it should.

Chris

darkfreaks · December 24, 2008

CSS: Congradulations your site is CSS 2.2.1 Valid

HTML(W3c): 36 errors (seriously OM get rid of the iframes and marquee we are not joking it is not W3c Valid AT ALL!) >:(

Injection: hreg needs to be fixed seriously!!!

darkfreaks · December 24, 2008

OM here is a suggestion but instead of Marquees use JavaScript light box.

http://www.huddletogether.com/projects/lightbox/

ardyandkari · December 24, 2008

how did you get the css to validate? when i clicked the link it took me to the main validation page where i copied and pasted the address into the bar and clicked submit and it came up w/ errors...

so confused...

ardyandkari · December 24, 2008

W3C CSS Validator results for http://www.ucy.in/cmb/ (CSS level 2.1)
Sorry! We found the following errors (28)
URI : http://www.ucy.in/cmb/ucyin_dxcss.css
55 	#sp_ttethr 	Parse Error : 30%: ;
56 	#sp_ttethr 	Parse error - Unrecognized }
120 	body 	Property link doesn't exist in CSS level 2.1 but exists in [css3] : #ff0
123 	body 	Parse Error : sans-serif::: ;
124 	font-family 	Parse Error font-family: "Arial Narrow", "Verdana Ref", Verdana, Modern, sans-serif, "Century Gothic";
125 	margin 	Parse Error margin: 3px;
126 	margin-top 	Parse Error margin-top: auto;
127 	vertical-align 	Parse Error vertical-align: middle;
128 	vertical-align 	Parse error - Unrecognized }
143 	a:hover 	Parse Error : solid:: ;
144 	a:hover 	Parse error - Unrecognized }
158 	a 	Parse Error : yellow:: ;
159 	link 	Parse Error link: #F6F600;
160 	link 	Parse error - Unrecognized }
55 	#sp_ttethr 	Parse Error : 30%: ;
56 	#sp_ttethr 	Parse error - Unrecognized }
120 	body 	Property link doesn't exist in CSS level 2.1 but exists in [css3] : #ff0
123 	body 	Parse Error : sans-serif::: ;
124 	font-family 	Parse Error font-family: "Arial Narrow", "Verdana Ref", Verdana, Modern, sans-serif, "Century Gothic";
125 	margin 	Parse Error margin: 3px;
126 	margin-top 	Parse Error margin-top: auto;
127 	vertical-align 	Parse Error vertical-align: middle;
128 	vertical-align 	Parse error - Unrecognized }
143 	a:hover 	Parse Error : solid:: ;
144 	a:hover 	Parse error - Unrecognized }
158 	a 	Parse Error : yellow:: ;
159 	link 	Parse Error link: #F6F600;
160 	link 	Parse error - Unrecognized }

Errors found while checking this document as HTML 4.01 Transitional!
Result: 3 Errors
Address:
Encoding: iso-8859-1
Doctype: HTML 4.01 Transitional
Root Element: html
Options
Show Source Show Outline List Messages Sequentially Group Error Messages by Type
Validate error pages Verbose Output Clean up Markup with HTML Tidy

Help on the options is available.

↑ Top
Validation Output: 3 Errors

1. Error Line 26, Column 15: there is no attribute "HYPERLINKTYPE".

hyperlinktype="url" href="http://www.csprgurukul.in/"><br>

✉

You have used the attribute named above in your document, but the document type you are using does not support that attribute for this element. This error is often caused by incorrect use of the "Strict" document type with a document that uses frames (e.g. you must use the "Transitional" document type to get the "target" attribute), or by using vendor proprietary extensions such as "marginheight" (this is usually fixed by using CSS to achieve the desired effect instead).

This error may also result if the element itself is not supported in the document type you are using, as an undefined element will have no supported attributes; in this case, see the element-undefined error message for further information.

How to fix: check the spelling and case of the element and attribute, (Remember XHTML is all lower-case) and/or check that they are both allowed in the chosen document type, and/or use CSS instead of this attribute. If you received this error when using the <embed> element to incorporate flash media in a Web page, see the FAQ item on valid flash.
2. Error Line 26, Column 26: there is no attribute "HREF".

hyperlinktype="url" href="http://www.csprgurukul.in/"><br>

✉

You have used the attribute named above in your document, but the document type you are using does not support that attribute for this element. This error is often caused by incorrect use of the "Strict" document type with a document that uses frames (e.g. you must use the "Transitional" document type to get the "target" attribute), or by using vendor proprietary extensions such as "marginheight" (this is usually fixed by using CSS to achieve the desired effect instead).

This error may also result if the element itself is not supported in the document type you are using, as an undefined element will have no supported attributes; in this case, see the element-undefined error message for further information.

How to fix: check the spelling and case of the element and attribute, (Remember XHTML is all lower-case) and/or check that they are both allowed in the chosen document type, and/or use CSS instead of this attribute. If you received this error when using the <embed> element to incorporate flash media in a Web page, see the FAQ item on valid flash.
3. Error Line 26, Column 54: element "P:ONMOUSECLICK" undefined.

hyperlinktype="url" href="http://www.csprgurukul.in/"><br>

✉

You have used the element named above in your document, but the document type you are using does not define an element of that name. This error is often caused by:
* incorrect use of the "Strict" document type with a document that uses frames (e.g. you must use the "Frameset" document type to get the "<frameset>" element),
* by using vendor proprietary extensions such as "<spacer>" or "<marquee>" (this is usually fixed by using CSS to achieve the desired effect instead).
* by using upper-case tags in XHTML (in XHTML attributes and elements must be all lower-case).

Mchl · December 24, 2008

how did you get the css to validate? when i clicked the link it took me to the main validation page where i copied and pasted the address into the bar and clicked submit and it came up w/ errors...

so confused...

He obviously is working on it all the time. The site was valid HTML 4.01 Transitional when I checked it some time ago (or at least it's front page was)

Maq · December 24, 2008

seriously though om...if there are people in here who will scan for errors and not do anything malicious then i can guarantee that someone out there will find your site too annoying to stand and just break it for the heck of it.

Good point. Especially anything to do with religion...

om · December 25, 2008

seriously though om...if there are people in here who will scan for errors and not do anything malicious then i can guarantee that someone out there will find your site too annoying to stand and just break it for the heck of it.

Good point. Especially anything to do with religion...

Dear Maq,

religion... is meant to teach you patience and not to loose out.

Well god bless you with it.

om · December 25, 2008

how did you get the css to validate? when i clicked the link it took me to the main validation page where i copied and pasted the address into the bar and clicked submit and it came up w/ errors...

so confused...

He obviously is working on it all the time. The site was valid HTML 4.01 Transitional when I checked it some time ago (or at least it's front page was)

You are right only the first page is validated.

After it I added icons

Later I modified css

I will debug

and post it back.

Well I uploaded new version of inside logged in

with new features added login and give comments please.

Thank all of you.

GBU

om · December 25, 2008

how did you get the css to validate? when i clicked the link it took me to the main validation page where i copied and pasted the address into the bar and clicked submit and it came up w/ errors...

so confused...

Sorry,

I am always testing

check the results now

W3C CSS Validator results for http://www.ucy.in/cmb (CSS level 2.1)

Congratulations! No Error Found.

This document validates as CSS level 2.1 !

om · December 25, 2008

OM here is a suggestion but instead of Marquees use JavaScript light box.

http://www.huddletogether.com/projects/lightbox/

Its good, thank you very much.

I down loaded but the licence is unacceptable, its long code.

More over marquee is short, quick and works with most, please give any technical drawbacks for it, instead of looks and feel.

thank you,

here is current clean that runs

login to check new look and feel, features.

darkfreaks · December 25, 2008

your layout is fine now OM but you still have injection in hreg

om · December 25, 2008

your layout is fine now OM but you still have injection in hreg

hAVE YOU LOGGED IN AND CHECKED INSIDE I DONT FIND YOU THERE?

CHECK YOUR HOTMAIL A/C FOR LOGIN DETAILS.

function sphpmn_entities($text){

$eresult = "";

for ( $i = 0; $i <= strlen($text) - 1; $i += 1) {

$eresult .= "&#".ord($text[$i]);

}

return $eresult;

}

function sphpmn_filter($text){

if (preg_match("#(on(.*?)\=|script|xmlns|expression|exec|EXEC

javascript|http)#si","$text",$ntext)){

$re = sphpmn_entities($ntext[1]);

$text = str_replace($ntext[0],$re,$text);

}

return $text;

}

function cleanDolr_post(&$item, &$key) {

$sp_dbcn = new sp_dbcon();

$link = $sp_dbcn->sp_getConc();

$item=strip_tags(trim($item));

/* check connection */

if(!($link)) {

echo "Failed to connect to the server\n";

// ... log the error properly

} else {

// Reverse magic_quotes_gpc/magic_quotes_sybase effects on those vars if ON.

if(get_magic_quotes_gpc()) {$item=stripslashes($item);

}

$item=stripslashes($item);

//escaping MYSQL/MYSQLI Injection

$item=mysqli_real_escape_string($link,$item);

//Escaping Cross Site Scripting(XSS)

$item=htmlentities($item,ENT_QUOTES);

/* determine our thread id */

$thread_id = mysqli_thread_id($link);

/* Kill connection */

mysqli_kill($link, $thread_id);

/* close connection $_SESSION[cnt_con]++;*/

mysqli_close($link);

// echo "<br>..... ............$key holds $item\n<Hr>";

filter_var($item, FILTER_SANITIZE_STRING);

$item=sphpmn_filter($item);

here is the Google sqlInject me result

SQL Injection String Tests Summary (73100 results recorded)

Failures:

85

Warnings:

0

Passes:

73015

SQL Injection String Test Results

hl

Submitted Form State:

* q: ++

* btnG: ++Google Search

* btnI: ++I'm Feeling Lucky

* meta: ++

* meta: ++cr=countryIN

Results:

Server Status Code: 302 Found

Tested value: &#49&#39&#32&#79&#82&#32&#39&#49&#39&#61&#39&#49

Server Status Code: 302 Found

Tested value: 1' OR '1'='1

Server Status Code: 302 Found

Tested value: %31%27%20%4F%52%20%27%31%27%3D%27%31

Server Status Code: 302 Found

Tested value: 1 UNI/**/ON SELECT ALL FROM WHERE

Server Status Code: 302 Found

Tested value: 1 UNION ALL SELECT 1,2,3,4,5,6,name FROM sysObjects WHERE xtype = 'U' --

Server Status Code: 302 Found

Tested value: 1 AND ASCII(LOWER(SUBSTRING((SELECT TOP 1 name FROM sysobjects WHERE xtype='U'), 1, 1))) > 116

Server Status Code: 302 Found

Tested value: ' OR username IS NOT NULL OR username = '

Server Status Code: 302 Found

Tested value: 1' AND non_existant_table = '1

Server Status Code: 302 Found

Tested value: 1'1

Server Status Code: 302 Found

Tested value: '; DESC users; --

Server Status Code: 302 Found

Tested value: 1 AND USER_NAME() = 'dbo'

Server Status Code: 302 Found

Tested value: 1' AND 1=(SELECT COUNT(*) FROM tablenames); --

Server Status Code: 302 Found

Tested value: 1 AND 1=1

Server Status Code: 302 Found

Tested value: 1 EXEC XP_

Server Status Code: 302 Found

Tested value: 1'1

Server Status Code: 302 Found

Tested value: 1' OR '1'='1

Server Status Code: 302 Found

Tested value: 1 OR 1=1

This field passed 14603 tests. To see all the passed results, go to Tools->SQL Inject Me->Options and click 'Show passed results in final report' and rerun this test.

q

Submitted Form State:

* hl: ++en

* btnG: ++Google Search

* btnI: ++I'm Feeling Lucky

* meta: ++

* meta: ++cr=countryIN

Results:

Server Status Code: 302 Found

Tested value: &#49&#39&#32&#79&#82&#32&#39&#49&#39&#61&#39&#49

Server Status Code: 302 Found

Tested value: 1' OR '1'='1

Server Status Code: 302 Found

Tested value: %31%27%20%4F%52%20%27%31%27%3D%27%31

Server Status Code: 302 Found

Tested value: 1 UNI/**/ON SELECT ALL FROM WHERE

Server Status Code: 302 Found

Tested value: 1 UNION ALL SELECT 1,2,3,4,5,6,name FROM sysObjects WHERE xtype = 'U' --

Server Status Code: 302 Found

Tested value: 1 AND ASCII(LOWER(SUBSTRING((SELECT TOP 1 name FROM sysobjects WHERE xtype='U'), 1, 1))) > 116

Server Status Code: 302 Found

Tested value: ' OR username IS NOT NULL OR username = '

Server Status Code: 302 Found

Tested value: 1' AND non_existant_table = '1

Server Status Code: 302 Found

Tested value: 1'1

Server Status Code: 302 Found

Tested value: '; DESC users; --

Server Status Code: 302 Found

Tested value: 1 AND USER_NAME() = 'dbo'

Server Status Code: 302 Found

Tested value: 1' AND 1=(SELECT COUNT(*) FROM tablenames); --

Server Status Code: 302 Found

Tested value: 1 AND 1=1

Server Status Code: 302 Found

Tested value: 1 EXEC XP_

Server Status Code: 302 Found

Tested value: 1'1

Server Status Code: 302 Found

Tested value: 1' OR '1'='1

Server Status Code: 302 Found

Tested value: 1 OR 1=1

This field passed 14603 tests. To see all the passed results, go to Tools->SQL Inject Me->Options and click 'Show passed results in final report' and rerun this test.

btnG

Submitted Form State:

* hl: ++en

* q: ++

* btnI: ++I'm Feeling Lucky

* meta: ++

* meta: ++cr=countryIN

Results:

Server Status Code: 302 Found

Tested value: &#49&#39&#32&#79&#82&#32&#39&#49&#39&#61&#39&#49

Server Status Code: 302 Found

Tested value: 1' OR '1'='1

Server Status Code: 302 Found

Tested value: %31%27%20%4F%52%20%27%31%27%3D%27%31

Server Status Code: 302 Found

Tested value: 1 UNI/**/ON SELECT ALL FROM WHERE

Server Status Code: 302 Found

Tested value: 1 UNION ALL SELECT 1,2,3,4,5,6,name FROM sysObjects WHERE xtype = 'U' --

Server Status Code: 302 Found

Tested value: 1 AND ASCII(LOWER(SUBSTRING((SELECT TOP 1 name FROM sysobjects WHERE xtype='U'), 1, 1))) > 116

Server Status Code: 302 Found

Tested value: ' OR username IS NOT NULL OR username = '

Server Status Code: 302 Found

Tested value: 1' AND non_existant_table = '1

Server Status Code: 302 Found

Tested value: 1'1

Server Status Code: 302 Found

Tested value: '; DESC users; --

Server Status Code: 302 Found

Tested value: 1 AND USER_NAME() = 'dbo'

Server Status Code: 302 Found

Tested value: 1' AND 1=(SELECT COUNT(*) FROM tablenames); --

Server Status Code: 302 Found

Tested value: 1 AND 1=1

Server Status Code: 302 Found

Tested value: 1 EXEC XP_

Server Status Code: 302 Found

Tested value: 1'1

Server Status Code: 302 Found

Tested value: 1' OR '1'='1

Server Status Code: 302 Found

Tested value: 1 OR 1=1

This field passed 14603 tests. To see all the passed results, go to Tools->SQL Inject Me->Options and click 'Show passed results in final report' and rerun this test.

btnI

Submitted Form State:

* hl: ++en

* q: ++

* btnG: ++Google Search

* meta: ++

* meta: ++cr=countryIN

Results:

Server Status Code: 302 Found

Tested value: &#49&#39&#32&#79&#82&#32&#39&#49&#39&#61&#39&#49

Server Status Code: 302 Found

Tested value: 1' OR '1'='1

Server Status Code: 302 Found

Tested value: %31%27%20%4F%52%20%27%31%27%3D%27%31

Server Status Code: 302 Found

Tested value: 1 UNI/**/ON SELECT ALL FROM WHERE

Server Status Code: 302 Found

Tested value: 1 UNION ALL SELECT 1,2,3,4,5,6,name FROM sysObjects WHERE xtype = 'U' --

Server Status Code: 302 Found

Tested value: 1 AND ASCII(LOWER(SUBSTRING((SELECT TOP 1 name FROM sysobjects WHERE xtype='U'), 1, 1))) > 116

Server Status Code: 302 Found

Tested value: ' OR username IS NOT NULL OR username = '

Server Status Code: 302 Found

Tested value: 1' AND non_existant_table = '1

Server Status Code: 302 Found

Tested value: 1'1

Server Status Code: 302 Found

Tested value: '; DESC users; --

Server Status Code: 302 Found

Tested value: 1 AND USER_NAME() = 'dbo'

Server Status Code: 302 Found

Tested value: 1' AND 1=(SELECT COUNT(*) FROM tablenames); --

Server Status Code: 302 Found

Tested value: 1 AND 1=1

Server Status Code: 302 Found

Tested value: 1 EXEC XP_

Server Status Code: 302 Found

Tested value: 1'1

Server Status Code: 302 Found

Tested value: 1' OR '1'='1

Server Status Code: 302 Found

Tested value: 1 OR 1=1

This field passed 14603 tests. To see all the passed results, go to Tools->SQL Inject Me->Options and click 'Show passed results in final report' and rerun this test.

Sign In

Kindly dont spoil my site but try to find flaws and report to me

Recommended Posts

Link to comment

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Important Information