Re: SQL injection

From: SQL injector (sql_injector@yahoo.com)
Date: Wed Apr 10 2002 - 21:22:43 EDT


That is the statement I assumed. I still receive a
syntax error. It seems to me it is due to a strange
join (thanks beth). I wanted to post to see if anyone
had any advanced ideas on syntax....

Also I read the ngssoftware paper. I really enjoyed
it. There is another paper I found by Kevin Spett @
SPI Dynamics that is good as well.

S_I

--- alex@geoquark.com wrote:
> From the following:
> vulnerable.asp?g=1;
>
> Error Type:
> Microsoft OLE DB Provider for ODBC Drivers
> (0x80040E14)
> [Microsoft][ODBC SQL Server Driver][SQL
> Server]Incorrect syntax near the keyword 'order'.
>
> you can assume that the sql statement is of the
> form: (nice and generic)
>
> select A from B where C order by D
>
> you are inserting into C in this example. what you
> need to do is provide
> something like:
>
> g=1; select * from sysobjects--
>
> note the single line comment at the end (--), this
> is necessary to prevent
> the "order" clause being executed out of context in
> our inserted query.
>
> There were some good papers on this... can only
> remember
> www.ngssoftware.com off the top of my head.
>
>
>
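
Added example, not part of the original posts: a defender's view of why `g=1;` produces the error at 'order' when the value is concatenated into the statement, and how binding `g` as a parameter removes the problem. It assumes an in-memory SQLite database standing in for SQL Server; the `items` table, its rows and all function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed table and rows; the real schema behind vulnerable.asp is not known.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?)", [(1, "beta"), (2, "alpha")])
    return conn

def concatenated_sql(g):
    # 'Before' form: the request value is pasted into the WHERE clause (C),
    # giving the generic shape "select A from B where C order by D".
    return "SELECT name FROM items WHERE id = " + g + " ORDER BY name"

def batch_error(conn, g):
    # executescript() accepts a multi-statement batch, which is the behaviour
    # the thread assumes of the SQL Server driver. Returns the parser error, if any.
    try:
        conn.executescript(concatenated_sql(g))
        return None
    except sqlite3.OperationalError as exc:
        return str(exc)

def lookup_bound(conn, g):
    # 'After' form: g is bound as a value and is never parsed as SQL text,
    # so a ';' inside it cannot end the statement or strand the ORDER BY.
    sql = "SELECT name FROM items WHERE id = ? ORDER BY name"
    return conn.execute(sql, (g,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for g in ("1", "1;"):
        print(repr(g), "| concatenated:", batch_error(db, g),
              "| bound:", lookup_bound(db, g))
```

With the concatenated form, `1;` ends the first statement early and leaves `ORDER BY name` as a statement of its own, which is what the parser rejects; the bound form simply finds no row whose id equals the string `1;`.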

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:20 EDT