Home page logo
/

basics logo Security Basics mailing list archives

SQL Injection ORDER BY plus DROP TABLE?
From: wonderfulandromeda () gmail com
Date: 12 Aug 2007 19:41:05 -0000

I remember, long back I tried SQL injection like this.

ORDER BY 1--

It worked. This proves that there was a select query towards the left of the injection point. This also worked

ORDER BY 1 DROP TABLE A

It spewed an output like it can not drop table A because it doesn't exist. I am wondering what kinda SQL query would 
that be which has a select query and accomodates DROP along with ORDER BY 1.

AFAIK, DROP should be a separate statement and it should cause a syntax error if combined with SELECT. Any suggestions?


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]