SQL-Injection escape ')'
From: Strcpy (elite_netbios_at_yahoo.com)
Date: 07/03/04
- Next in thread: Thor: "Re: SQL-Injection escape ')'"
- Reply: Thor: "Re: SQL-Injection escape ')'"
- Maybe reply: Strcpy: "Re: SQL-Injection escape ')'"
- Reply: Fabrice MARIE: "Re: SQL-Injection escape ')'"
- Reply: nummish: "Re: SQL-Injection escape ')'"
- Reply: Roman Medina: "Re: SQL-Injection escape ')'"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 3 Jul 2004 07:45:36 -0700 (PDT) To: pen-test@securityfocus.com
Hi list .
I`m working on a web-application for vulnerability
assesments in order to complete a pen-test job.
there is a vulnerable query there but I can`t escape
it ad use it to go farther .
the page script add a ')' to end of query string
always.
I tried to pass it by useing # or -- or ')'=')' at the
end of my query strings , but non worked :/
here is an example :
i sent this :
A') select name from sysobjects where xtype='U'--
[Microsoft][ODBC Microsoft Access Driver] Syntax
error. in query expression 'city_name='Tehran' and
(agency_english ='A') select name from sysobjects
where xtype='U'--')'
would you mind please help me ?
[sorry for poor English]
thnq all
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail
- Next in thread: Thor: "Re: SQL-Injection escape ')'"
- Reply: Thor: "Re: SQL-Injection escape ')'"
- Maybe reply: Strcpy: "Re: SQL-Injection escape ')'"
- Reply: Fabrice MARIE: "Re: SQL-Injection escape ')'"
- Reply: nummish: "Re: SQL-Injection escape ')'"
- Reply: Roman Medina: "Re: SQL-Injection escape ')'"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
