Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Quite basic SQL injection question
From: Justin Klein Keane <jkleinkeane () gmail com>
Date: Tue, 19 Apr 2011 08:39:09 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Since the order columns are valid in the select definition why would you
need to screen them out?  What is the error you are getting?

Justin Klein Keane
http://www.MadIrish.net

The digital signature on this message can be confirmed using
the public key at http://www.madirish.net/gpgkey

On 04/18/2011 03:51 AM, Alexandre De Dommelin wrote:
Hi all,

I'm evaluating PHP/Mysql code and I found a problem, in the following code :
<?php
$query="
SELECT *
FROM table1 m JOIN table2 t
$condition
ORDER BY m.field1, t.field2
";
$db->query($query);
?>

I'm able to inject everything I want into $condition, but I can't manage to
make the ORDER clause to be ignored (using -- /* ...), which leads to an sql
error.
I'm sure it's quite stupid but I have to admit that i'm stucked ...

Do you have an idea ?

Bests,

Alex
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iPwEAQECAAYFAk2tgmkACgkQkSlsbLsN1gCUkwb/dg58a3rvgQIEO4hUnTDVrSxs
K76pXan5dEy+B7HS5xLOzBTdN+bsxU+nTnkjzj6FaycADpnzQjDrwUkXHPM4vGjc
oO24Oy9x1ks3v6CTo5d/rdWFPZb+yNgWfRyR/Wuz1SOFS5j1ABzbjnsfrIbjBWHg
vZ2TxKSINxiedwrA6lMs8LcuQ/VqKxWRqcyxxATgcIGiEUSuvIi/6jaTOr8zSgr3
UggYk5VCboii+afPaNMDojZvdZwJuY9707V7+AajKjr/UvdrID9BiC1ZRwoxG7PK
TED4UPUFRnw3GK3YOvE=
=E3iv
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]