Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
V
V
Vyacheslav Lebedev2014-08-25 00:17:41
SQL
Vyacheslav Lebedev, 2014-08-25 00:17:41

Is it possible to conduct sql-inj or some other not 'good' dirty trick, having found something like this?

Occasionally I check sites for sql injections, out of curiosity!
And now, for the first time, a site was found with an error thrown out on the screen :)
http://cp.ketrawars.ru/'login
And here is the thrown error:

ErrorException [ Fatal Error ]: Call to a member function render() on a non-object | 
APPPATH/system/classes/Kohana/Controller/Template.php:44

It is very interesting how this "exploit?" can be used?
And be so kind as to throw something to read on this topic (since the question has appeared).
THANK!

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
S
Sergey, 2014-08-25
@slavikse

This bug doesn't affect the database, and you won't be able to call the code on the server, so there's not much you can do here.

Similar questions
D
dlyatupyhvoprosov2018-02-02 19:14:47
How to make GROUP BY output queries where count(column) >= 0? 2Reply
F
fraurig2018-02-05 17:59:34
Another problem with the subquery. What to do with aggregate functions? 2Reply
E
Eugene2015-09-30 20:27:40
A selection of recent comments? 1Reply
J
Jake Taylor2021-06-12 19:37:17
How to properly design a database table that should store a mailing address? 0Reply
Z
zilhome2015-10-02 13:58:47
How would you recommend editing the SQL database offline (without phpmyadmin)? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question