Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: SQL Insertion

SQL Insertion

From: <alex_at_geoquark.com>
Date: Tue, 9 Apr 2002 09:48:34 +0100 (BST)

>From the following:
vulnerable.asp?g=1;

Error Type:
Microsoft OLE DB Provider for ODBC Drivers
(0x80040E14)
[Microsoft][ODBC SQL Server Driver][SQL
Server]Incorrect syntax near the keyword 'order'.

you can assume that the sql statement is of the form: (nice and generic)

select A from B where C order by D

you are inseting into C in this example. what you need to do is provide
something like:

g=1; select * from sysobjects--

note the single line comment at the end (--), this is necessary to prevent
the "order" clause being executed out of context in our inserted query.

There were some good papers on this... can only remember
www.ngssoftware.com off the top of my head.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Received on Apr 09 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]