Penetration Testing: Re: Oracle SQL Injection vulnerability

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

Re: Oracle SQL Injection vulnerability

From: Attari Attari <c70n3 () yahoo co in>
Date: Wed, 21 Nov 2007 01:56:10 +0000 (GMT)

Hey Zed,

You hit the bulls eye. 

Now I gave 123 OR 1=1-- as the injection in username
field.. I don't get the same error on a previous line
but a new error further down the code which says:

"ORA-01722: invalid number"

Looks like the query earlier is:

SELECT COUNT(*) FROM TABLENAME  WHERE ID = '" &
txtUser.Text & "' and PASSWORD =  '"...

Now this query is fired fine. But the execution breaks
in the next line that says (yes error's are not
hidden):
 
If CInt(cmd.ExecuteScalar()) > 0 

Suggestions what's going wrong here?

Thanks a ton guys.

 --- Zed Qyves <zqyves.spamtrap () gmail com> wrote:

Hello,

Wild guess but can the username be numeric only
rather than
alphanumeric as everyone expects? People often
misconceive that the
username field as alpha while it may very well not
be ...That would
explain why you are still getting the "ORA-01756:
quoted string not
properly terminated" even when you appear to
terminating correctly.
what if you input "123 or 1=1--" (strip ") in the
username field?

regards,
./ZQ

--

---------------------------------------------------------------------

ÎÏÎÏÎ½
á¼Î½ Ïá¿Î´á¾½ á¼ÏÎ±ÏÎºÎµ Î³á¿Â· Ïá½¸ Î´á½²
Î¶Î·ÏÎ¿ÏÎ¼ÎµÎ½Î¿Î½
á¼Î»ÏÏÏÎ½, á¼ÎºÏÎµÏÎ³ÎµÎ¹Î½ Î´á½²
Ïá¼Î¼ÎµÎ»Î¿ÏÎ¼ÎµÎ½Î¿Î½.
ÎÎ¹Î´Î¯ÏÎ¿ÏÏ Î¤ÏÏÏÎ±Î½Î¿Ï [110]

---------------------------------------------------------------------

Creon
In this our land, so said he, those who seek  Shall
find; unsought, we
lose it utterly.
Oedipus Rex [110]

---------------------------------------------------------------------

 



      Bring your gang together - do your thing. Go to http://in.promos.yahoo.com/groups


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

By Date By Thread

Current thread:

Re: Oracle SQL Injection vulnerability, (continued)
- RE: Oracle SQL Injection vulnerability Erin Carroll (Nov 19)
- RE: Oracle SQL Injection vulnerability Paul Melson (Nov 19)
  - RE: Oracle SQL Injection vulnerability Attari Attari (Nov 24)
- Re: Oracle SQL Injection vulnerability Zed Qyves (Nov 24)
  - Re: Oracle SQL Injection vulnerability Attari Attari (Nov 24)
    - Re: Oracle SQL Injection vulnerability Zed Qyves (Nov 24)
- RE: Oracle SQL Injection vulnerability David Cullen (Nov 24)
- Re: RE: Oracle SQL Injection vulnerability eladexposed (Nov 25)