Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

SQL-Injection escape ')'
From: Strcpy <elite_netbios () yahoo com>
Date: Sat, 3 Jul 2004 07:45:36 -0700 (PDT)
Hi list .

I`m working on a web-application for vulnerability
assesments in order to complete a pen-test job.

there is a vulnerable query there but I can`t escape
it ad use it to go farther .
the page script add a ')' to end of query string
always.
I tried to pass it by useing # or -- or ')'=')' at the
end of my query strings , but non worked :/

here is an example :
i sent this :
A') select name from sysobjects where xtype='U'--


[Microsoft][ODBC Microsoft Access Driver] Syntax
error. in query expression 'city_name='Tehran' and
(agency_english ='A') select name from sysobjects
where xtype='U'--')' 

would you mind please help me ?

[sorry for poor English]

thnq all




                
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]