- Joined
- Threads
- 2
- Posts
- 2
You must reply to see the hidden content. Consider upgrading your account to increase your reply limit.
Many of you may know about how SQL injection works. I have seen many insecure registration forms on tools such as Skin Royale, NETGuard etc. where they have username, password, email and "licence/token" boxes.
Here's a quick little tip to bypassing this system.
Simply copy and paste the value into the licence text box and fill out the other boxes correctly. Supposing they use SQL, the value will automatically set the query to respond as TRUE, which it would do if the licence/token was found in the database. This will make the query succeed regardless if the value is in their sql or not, acting as a valid token and registering your account. If you need any help with this, PM me. Don't forget this doesn't apply to all systems only ones that use SQL and don't have protection against this exploit.
I'm new to the forums and hoping to make a good first impression, I'm a C#/PHP developer
.
