Penetration Testing: Re: SQL INJECTION - ORACLE

Re: SQL INJECTION - ORACLE

From: Kevin Spett <kspett_at_spidynamics.com>
Date: Mon, 10 Dec 2001 15:51:43 -0800

First of all:
> Input: ') from getpolicynumber -- "'"
> Result:
> Microsoft OLE DB Provider for ODBC Drivers error '80004005'
>
> [Microsoft][ODBC driver for Oracle][Oracle]ORA-04044: procedure, function,
> package, or type is not allowed here
There is no magical comment character in Oracle. -- is only good in SQL
Server.

> [Microsoft][ODBC driver for Oracle][Oracle]ORA-06553: PLS-306: wrong number
> or types of arguments in call to 'GETPOLICYNUMBER'
Hmmm, looks like your input is going to a user defined stored procedure.
That could mean that you're out of luck.

Try seeing if using a subselect or a union works. Here are some examples:
Subselect: (SELECT blah FROM bleh WHERE 1=1)
Union: ') UNION SELECT blah, blah, blah FROM bleh WHERE (''='

I've got a paper on the way soon that'll go into detail on these things.

Kevin Spett
Czar of SQL Injection
SPI Dynamics, Inc.

Received on Dec 10 2001
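
The two inputs quoted in the message above, seen from the defender's side: an added example, not part of the original post, that runs them against a lookup built by string concatenation and against the same lookup with a bind parameter. It uses Python's built-in sqlite3 rather than Oracle, and the tables, columns, data and function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema is hypothetical, not from the post.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE policies (holder TEXT, policy_no TEXT);
        CREATE TABLE accounts (login TEXT, secret TEXT);
        INSERT INTO policies VALUES ('alice', 'P-1001');
        INSERT INTO accounts VALUES ('admin', 'constructed-secret');
    """)
    return db

def lookup_concatenated(db, holder):
    # "Before": input is pasted inside a quoted, parenthesised literal,
    # so a quote in the input ends the literal and the rest becomes SQL.
    sql = ("SELECT holder, policy_no FROM policies "
           "WHERE (holder = '" + holder + "')")
    return db.execute(sql).fetchall()

def lookup_bound(db, holder):
    # "After": the statement text is fixed; input travels as a bind value
    # and is only ever compared as data.
    sql = "SELECT holder, policy_no FROM policies WHERE (holder = ?)"
    return db.execute(sql, (holder,)).fetchall()

def outcome(fn, db, value):
    # Report rows, or the database error a careless app would show the user.
    try:
        return ("rows", fn(db, value))
    except sqlite3.Error as exc:
        return ("error", type(exc).__name__)

# First input quoted in the message (it produced the ORA- errors there).
ERROR_INPUT = "') from getpolicynumber -- \"'\""
# Union form from the message, with the hypothetical schema filled in.
UNION_INPUT = "') UNION SELECT login, secret FROM accounts WHERE (''='"

if __name__ == "__main__":
    db = make_db()
    for label, value in [("normal", "alice"), ("error", ERROR_INPUT),
                         ("union", UNION_INPUT)]:
        print(label, "concatenated:", outcome(lookup_concatenated, db, value))
        print(label, "bound:       ", outcome(lookup_bound, db, value))
```

With the bind parameter, both inputs are treated as an unknown holder name: no database error reaches the caller and no row from the second table is returned.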
