<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

WebApp Sec: yet another injection question

yet another injection question

From: ronen <ronen_at_avnet.co.il>
Date: Tue, 15 Apr 2003 09:48:47 +0200

Hello all,

While pen testing a web application, and bypassing the authentication using
a basic injection, I've tried to add a user to the database through a
built-in form.

However, when sending the URL, I received the follows:

[Microsoft][ODBC SQL Server Driver][SQL Server]Cannot insert the value NULL
into column 'FOO', table 'BAR'; column does not allow nulls. INSERT fails.

The request URL has a field named 'FOO', and I explicitly inserted a value
to that field.

I was logged in with a privileged user (seems to have the highest privileges
available ).

Any idea what's the reason for the mentioned ODBC error.

BTW, the system is a 'Microsoft SQL Server 7.00 - 7.00.1063' running on
Windows NT 5.0 (Build 2195: Service Pack 3).

Thanking you all in advance.

Ronen
Received on Apr 15 2003

This message: [ Message body ]
Next message: Stephen de Vries: "Re: Searching for the tool"
Previous message: Kevin Spett: "Re: Searching for the tool"
Next in thread: Jacob Hurley: "RE: yet another injection question"
Maybe reply: Jacob Hurley: "RE: yet another injection question"
Reply: Kevin Spett: "Re: yet another injection question"
Maybe reply: David Cameron: "RE: yet another injection question"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos