SQL-Injection on Medium or Hard-Stage

[shalec]

Hey,
you are presenting some solutions for the "low"-difficult level, did you ever had a try on medium or hard?

Lets consider the difficult "medium" while doing a SQL-Injection (GET/Search). It seems, that this software uses "addslashes()" together with "mysql_real_escape_string()". How would you start or prepare an attack?

[skiptomyliu]

Sorry for the late response @shalec, I have yet to test it out myself, but check out these answers on SO as potential starting points (https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) .

Of course, others welcomed to chime in!