mailing list archives
Re: SQL Injection question
From: "lipe!" <lipe () brturbo com>
Date: Thu, 27 May 2004 09:25:55 -0300
With IIS you can try to generate a Error Report (if the server has this
You can, for example, request the query with a cast operator that can't do
select convert(int, password_field+'a') from table where id = 1
When the DB engine try to convert the string (password_field+'a'), it will
report a error, because the conversion is impossible..
+---- - - - - - - -
| :_ _|_| Felipe Santos Andrade
| / | / Desenvolvedor .
|.____|/ Criativa Solutions
/* nós poderiamos ser muito melhores :
se não quisessemos ser tão bons */ :
- - - - - - --- /
----- Original Message -----
From: "Serg Belokamen" <serg () dodo com ai>
To: <webappsec () securityfocus com>
Cc: <stewart () flamingspork dot com>
Sent: Wednesday, May 26, 2004 12:49 PM
Subject: SQL Injection question
| Hi All,
| I am interested to know (if possible) how to extend an SQL injection
| display requested information from the injected query rather then the one
coded into the software.
| For example performing a successful injection in the following manner:
| http://domain.com/script.php?showdata.php=3;select * from table where id=1
| would successfuly execute injected SQL on the datrabase server and return
an error to the caller since the software was made to process a particular
query... not injected one.
| How and is it at all possible to actually view the data corresponding to
injected SQL query, being:
| select * from table where id=1?
| Best Regards,
- Re: SQL Injection question lipe! (May 28)