Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: SQL injection (or not?)
From: "C, Muruganandam" <muruganandam.c () genpact com>
Date: Mon, 14 Aug 2006 22:46:48 +0530

Any other guide for sqlinjection?

-----Original Message-----
From: Isidro Ramon Labrador Rodriguez [mailto:irlabrador () sgi es]
Sent: Wednesday, August 09, 2006 3:32 PM
To: pen-test () securityfocus com
Subject: RE: SQL injection (or not?)


When I find a Blind SQL Vulnerability and I want to guess the Databsee
which is behind I try the following injections:


Parameter=[valid value]' and exists(select * from sysobjects) and 'a'='a

If it returns a valid value the database is SQL Server


Parameter=[valid value]' and exists(select * from user_tables) and
'a'='a 
 
If it returns a valid value the database is Oracle


Parameter=[valid value]' and exists(select * from mysql.user) and 'a'='a

 
If it returns a valid value the database is MySQL


I hope it helps.

Best Regards,
Isidro

-----Mensaje original-----
De: rr () neo dtcom lv [mailto:rr () neo dtcom lv] 
Enviado el: martes, 08 de agosto de 2006 11:19
Para: pen-test () securityfocus com
Asunto: SQL injection (or not?)

Hi.

I'm having weird situation with sql injection (I guess). Unfortunately
there is no error message displayed - blind injection, so all that I
know - query is valid or not.

script.aspx?parameter=' and 'a'%2b'a'='aa no result, aparently query is
invalid, so it is not MSSQL, kind of

script.aspx?parameter=' and concat('a','a')='aa returns page, sql query
turns out to be valid, MySQL??

meanwhile
script.aspx?parameter=' and concat('a','a','a')='aaa no result, so it is
not MySQL

also I know that database should be MSSQL

concat is first function I found to work. Maybe it is not sql injection?
What else could it be?

rr


------------------------------------------------------------------------
------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's Choice Award from eWeek. As attacks through web applications
continue to rise, you need to proactively protect your applications from
hackers. Cenzic has the most comprehensive solutions to meet your
application security penetration testing and vulnerability management
needs. You have an option to go with a managed service (Cenzic
ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download
FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm
your results from other product. Contact us at request () cenzic com for
details.
------------------------------------------------------------------------
------


______________________
Este mensaje, y en su caso, cualquier fichero anexo al mismo,
 puede contener informacion clasificada por su emisor como confidencial
 en el marco de su Sistema de Gestion de Seguridad de la 
Informacion siendo para uso exclusivo del destinatario, quedando 
prohibida su divulgacion copia o distribucion a terceros sin la 
autorizacion expresa del remitente. Si Vd. ha recibido este mensaje 
 erroneamente, se ruega lo notifique al remitente y proceda a su borrado. 
Gracias por su colaboracion.
______________________
This message including any attachments may contain confidential 
information, according to our Information Security Management System,
 and intended solely for a specific individual to whom they are addressed.
 Any unauthorised copy, disclosure or distribution of this message
 is strictly forbidden. If you have received this transmission in error,
 please notify the sender immediately and delete it.
______________________

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------


------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault