SQL Insertion

From: alex@geoquark.com
Date: Tue Apr 09 2002 - 04:48:34 EDT

• Next message: Andrea Barisani: "Firewall Tester 0.6"
• Previous message: Benjamin Tomhave: "RE: documentation/snapshot tool for pentest"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

>From the following:
vulnerable.asp?g=1;

Error Type:
Microsoft OLE DB Provider for ODBC Drivers
(0x80040E14)
[Microsoft][ODBC SQL Server Driver][SQL
Server]Incorrect syntax near the keyword 'order'.

you can assume that the sql statement is of the form: (nice and generic)

select A from B where C order by D

you are inseting into C in this example. what you need to do is provide
something like:

g=1; select * from sysobjects--

note the single line comment at the end (--), this is necessary to prevent
the "order" clause being executed out of context in our inserted query.

There were some good papers on this... can only remember
www.ngssoftware.com off the top of my head.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Next message: Andrea Barisani: "Firewall Tester 0.6"
• Previous message: Benjamin Tomhave: "RE: documentation/snapshot tool for pentest"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:20 EDT