1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

A List builders worst nightmare

Discussion in 'BlackHat Lounge' started by MrBeastsOnToast, Sep 22, 2012.

  1. MrBeastsOnToast

    MrBeastsOnToast Jr. VIP Jr. VIP Premium Member

    Joined:
    Dec 17, 2011
    Messages:
    916
    Likes Received:
    536
    Location:
    The Internetz
    hAq95.png
     
  2. Bruut

    Bruut Regular Member

    Joined:
    Aug 9, 2012
    Messages:
    227
    Likes Received:
    149
    well always keep backup lol
     
  3. LittleBoots

    LittleBoots Registered Member

    Joined:
    Apr 27, 2012
    Messages:
    89
    Likes Received:
    21
    Occupation:
    Student
    Location:
    United Kingdom
  4. Orbit143

    Orbit143 Senior Member

    Joined:
    Aug 8, 2010
    Messages:
    893
    Likes Received:
    588
    Location:
    /home
    Is that possible? Doesnt the app have some input control mechanism?
     
  5. MrBeastsOnToast

    MrBeastsOnToast Jr. VIP Jr. VIP Premium Member

    Joined:
    Dec 17, 2011
    Messages:
    916
    Likes Received:
    536
    Location:
    The Internetz
    tbh i have no idea how list builders manage their lists. but in theory its possible. its just basic SQL.

    i would imagine though that any list management software worth its salt would have protection against SQL injection like this.
     
  6. doepjohn

    doepjohn Registered Member

    Joined:
    Apr 2, 2012
    Messages:
    84
    Likes Received:
    8
    It won't work. Not a valid query. % instead of * MAY work, but still highly doubtful.
     
  7. Zapdos

    Zapdos Power Member

    Joined:
    Oct 22, 2011
    Messages:
    597
    Likes Received:
    708
    Location:
    Eastern North Carolina
    As above said, not possible. Atleast not in the assumed sense.

    It would probably look like: "DELETE FROM table WHERE email='*@*.*"