Re: sql injection with MS Access
From: rudi carell (rudicarell@hotmail.com)Date: 11/29/01
- Previous message: Zen: "Re: opinions on Vigliante's SecureScanNX for attack/pen work?"
- Maybe in reply to: helmut schmidt: "sql injection with MS Access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "rudi carell" <rudicarell@hotmail.com> To: helmutsch69@hotmail.com, pen-test@securityfocus.com Subject: Re: sql injection with MS Access Date: Thu, 29 Nov 2001 09:09:17 Message-ID: <F37g1JFhmjhF3thYCMS00001b85@hotmail.com>
hola,
thats dependend heavily on the interface the web-app uses!
as an example .. (ODBC+MSSQL+PHP) does not recognize comments ..
did you try out a NULL-BYTE[\000] ?
if it is not possible to premature cut-off the query ..
i d recommand combining the original query with UNION
and SUBSELECT-Statements ..
you said:
>Hi,
>I am currently testing SQL injection with a web application and MS Access
>database. I have some difficulties as I do not knowing the comment
>character
>for Access Database.
cu
rC
security@freefly.com
http://www.freefly.com/security/
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
- Previous message: Zen: "Re: opinions on Vigliante's SecureScanNX for attack/pen work?"
- Maybe in reply to: helmut schmidt: "sql injection with MS Access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
