SQL injection question
From: Mike Rauch (michaelraouch_at_yahoo.com)
Date: 11/03/03
- Previous message: johnadams: "Re: Cisco LEAP"
- Next in thread: Pete Finnigan: "Re: SQL injection question"
- Reply: Pete Finnigan: "Re: SQL injection question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 3 Nov 2003 13:07:33 -0800 (PST) To: pen-test@securityfocus.com
Hello,
I'm performing an assesment on one of our web
applications (black box type) and I came acrooss two
interesting error messages from an Oracle DB when I
supply a 'SELECT statement. The messages are:
a) ORA-00933 SQL Command not properly ended
b) ORA-00917 Missing comma
I tried various formats to form an SQL statment that
can be parsed but no success.
Does anyone can shed any light as to what I may be
able to try?
Thanks !
Mike
__________________________________
Do you Yahoo!?
Exclusive Video Premiere - Britney Spears
http://launch.yahoo.com/promos/britneyspears/
---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_pen-test_031023
and use priority code SF4.
----------------------------------------------------------------------------
- Previous message: johnadams: "Re: Cisco LEAP"
- Next in thread: Pete Finnigan: "Re: SQL injection question"
- Reply: Pete Finnigan: "Re: SQL injection question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
