RE: SQL injection (or not?)
- From: "C, Muruganandam" <muruganandam.c@xxxxxxxxxxx>
- Date: Mon, 14 Aug 2006 22:46:48 +0530
Any other guide for sqlinjection?
-----Original Message-----
From: Isidro Ramon Labrador Rodriguez [mailto:irlabrador@xxxxxx]
Sent: Wednesday, August 09, 2006 3:32 PM
To: pen-test@xxxxxxxxxxxxxxxxx
Subject: RE: SQL injection (or not?)
When I find a Blind SQL Vulnerability and I want to guess the Databsee
which is behind I try the following injections:
Parameter=[valid value]' and exists(select * from sysobjects) and 'a'='a
If it returns a valid value the database is SQL Server
Parameter=[valid value]' and exists(select * from user_tables) and
'a'='a
If it returns a valid value the database is Oracle
Parameter=[valid value]' and exists(select * from mysql.user) and 'a'='a
If it returns a valid value the database is MySQL
I hope it helps.
Best Regards,
Isidro
-----Mensaje original-----
De: rr@xxxxxxxxxxxx [mailto:rr@xxxxxxxxxxxx]
Enviado el: martes, 08 de agosto de 2006 11:19
Para: pen-test@xxxxxxxxxxxxxxxxx
Asunto: SQL injection (or not?)
Hi.
I'm having weird situation with sql injection (I guess). Unfortunately
there is no error message displayed - blind injection, so all that I
know - query is valid or not.
script.aspx?parameter=' and 'a'%2b'a'='aa no result, aparently query is
invalid, so it is not MSSQL, kind of
script.aspx?parameter=' and concat('a','a')='aa returns page, sql query
turns out to be valid, MySQL??
meanwhile
script.aspx?parameter=' and concat('a','a','a')='aaa no result, so it is
not MySQL
also I know that database should be MSSQL
concat is first function I found to work. Maybe it is not sql injection?
What else could it be?
rr
------------------------------------------------------------------------
------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's Choice Award from eWeek. As attacks through web applications
continue to rise, you need to proactively protect your applications from
hackers. Cenzic has the most comprehensive solutions to meet your
application security penetration testing and vulnerability management
needs. You have an option to go with a managed service (Cenzic
ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download
FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm
your results from other product. Contact us at request@xxxxxxxxxx for
details.
------------------------------------------------------------------------
------
______________________
Este mensaje, y en su caso, cualquier fichero anexo al mismo,
puede contener informacion clasificada por su emisor como confidencial
en el marco de su Sistema de Gestion de Seguridad de la
Informacion siendo para uso exclusivo del destinatario, quedando
prohibida su divulgacion copia o distribucion a terceros sin la
autorizacion expresa del remitente. Si Vd. ha recibido este mensaje
erroneamente, se ruega lo notifique al remitente y proceda a su borrado.
Gracias por su colaboracion.
______________________
This message including any attachments may contain confidential
information, according to our Information Security Management System,
and intended solely for a specific individual to whom they are addressed.
Any unauthorised copy, disclosure or distribution of this message
is strictly forbidden. If you have received this transmission in error,
please notify the sender immediately and delete it.
______________________
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@xxxxxxxxxx for details.
------------------------------------------------------------------------------
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@xxxxxxxxxx for details.
------------------------------------------------------------------------------
- Prev by Date: Re: xss....what next???
- Next by Date: Re: arp injection for wifi pentesting
- Previous by thread: Re: SQL injection (or not?)
- Next by thread: httpd fingerprinting
- Index(es):
Relevant Pages
|
|
