Discussion in 'BlackHat Lounge' started by MrBeastsOnToast, Sep 22, 2012.
well always keep backup lol
hahaha, amazing. Lol'd at this.
Is that possible? Doesnt the app have some input control mechanism?
tbh i have no idea how list builders manage their lists. but in theory its possible. its just basic SQL.
i would imagine though that any list management software worth its salt would have protection against SQL injection like this.
It won't work. Not a valid query. % instead of * MAY work, but still highly doubtful.
As above said, not possible. Atleast not in the assumed sense.
It would probably look like: "DELETE FROM table WHERE email='*@*.*"
Separate names with a comma.