bypass input filter (SQL Injection / XSS)

From: Rick Zhong (sagiko@gmail.com)
Date: Tue Aug 22 2006 - 11:37:40 EDT


Hi,
Are there any SQL injection or XSS techniques to bypass server-side
input validation which filters special characters including \ ' " ( )
< > =?

I also noticed that @ is allowed, but on an Oracle server? Can @ cause any harm?

regards,
Rick



