Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Oracle URL SQL Injection issue
From: Todd Manning <tmanning () bpointsys com>
Date: Sun, 20 Jan 2008 23:03:38 -0600

On Jan 17, 2008, at 6:21 PM, Clone wrote:
http://x.y.z.a/item.php?Id=90%20UNION%20SELECT%20*%20from%20usr;--

and I get the error

ociexecute() [function.ociexecute]: OCIStmtExecute:
ORA-01789: query block has incorrect number of result
columns in dbs.inc on line 44

The hint is in the error. Your injected UNION must select the same number of columns as the original query. Vary the number of columns instead of doing a 'select *.' If you don't know the column names, you can do something like 'select 1,2,3,4,5,6,7 from usr'. Since you say you have a valid account on the db server, I guess you could go ahead and find out the schema for the usr table.


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault