Re: Row-0 mitigation of SQL injection

From: Liudvikas Jablonskas (liudvikas.jablonskas@gmail.com)
Date: Thu Jun 07 2007 - 02:40:58 EDT


I can use injection like this:

    ' or 'a' = 'a' limit 2,1

and it will use the second row.
On 6/6/07, Jim Halfpenny <jimsmailinglists@gmail.com> wrote:
> Hi,
>
> One thing I've noticed about SQL injection is that quite often the
> injected code returns a data set and the vulnerable application plucks
> the first row from the set. Consider a simple example where a login
> form is vulnerable and the following code is generated:
>
> select * from users where login = '' or 'a' = 'a';
>
> Instead of returning one row as expected the whole table is returned
> and the application more often than not reads the first row. This hack
> is especially bad if the first user in the table has admin rights,
> which is often the case.
>
> One way of potentially hobbling simple SQL injection would be to
> insert a sentinel record at the beginning of the table (hence the
> row-0 concept). If this row is ever returned the application can
> be made aware something bad has happened.
>
> Does this sound like a good idea, or does it encourage poor coding by
> having a safety net? All comments welcome.
>
> Jim
--
Liudvikas Jablonskas
mob.: +370 6 333 99 33
skype: liudvikas
icq: 104364435
http://www.liudvikas.lt
_____
If this message has reached you by mistake or because of an equipment fault, you may not use the information it contains.
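The exchange above, worked through in code as an added example (not code from either poster): Jim's concatenated login query with the application taking the first row, his row-0 sentinel check layered on top of it, and the LIMIT/OFFSET input from the reply that skips the sentinel. The table contents, the SQLite back end and the trailing "--" comment marker on the LIMIT input are assumptions made here so the injected clause parses where the application appends its own closing quote; the third function shows the mitigation the thread does not discuss, binding the input as a parameter so it is never parsed as SQL.

```python
import sqlite3

# Constructed sample table: id 0 is the sentinel row Jim proposes, id 1 is
# the admin account that a "first row wins" injection would log in as.
SENTINEL_LOGIN = "__sentinel__"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (id integer primary key, login text, role text)")
    conn.executemany(
        "insert into users (id, login, role) values (?, ?, ?)",
        [
            (0, SENTINEL_LOGIN, "sentinel"),
            (1, "admin", "admin"),
            (2, "alice", "user"),
            (3, "bob", "user"),
        ],
    )
    return conn


def naive_login(conn, login):
    """Vulnerable pattern from Jim's mail: string concatenation, first row wins."""
    sql = "select id, login, role from users where login = '%s'" % login
    return conn.execute(sql).fetchone()


def sentinel_login(conn, login):
    """Jim's row-0 idea: same vulnerable query, but refuse to proceed if row 0 comes back."""
    row = naive_login(conn, login)
    if row is not None and row[0] == 0:
        raise RuntimeError("sentinel row returned: injection suspected")
    return row


def parameterized_login(conn, login):
    """The actual fix: the input is bound as data and can never alter the query."""
    return conn.execute(
        "select id, login, role from users where login = ?", (login,)
    ).fetchone()


def run_demo():
    conn = make_db()
    results = {}
    first_row_input = "' or 'a' = 'a"  # input that yields Jim's example query
    # Liudvikas's LIMIT variant; the "--" is an assumption so the appended quote is ignored.
    # In SQLite (as in MySQL) "limit 2,1" means offset 2, one row.
    offset_input = "' or 'a' = 'a' limit 2,1 --"

    # Naive code logs in as whichever row comes first: here the sentinel.
    results["naive_first_row"] = naive_login(conn, first_row_input)[1]

    # The sentinel check catches the plain "whole table" injection...
    try:
        sentinel_login(conn, first_row_input)
        results["sentinel_first_row"] = "missed"
    except RuntimeError:
        results["sentinel_first_row"] = "detected"

    # ...but an OFFSET past row 0 returns a real user and the check never fires.
    results["sentinel_offset"] = sentinel_login(conn, offset_input)[1]

    # With a bound parameter both inputs are just unknown login names.
    results["param_first_row"] = parameterized_login(conn, first_row_input)
    results["param_offset"] = parameterized_login(conn, offset_input)
    results["param_legit"] = parameterized_login(conn, "bob")[1]
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value!r}")
```

The sentinel only detects the one shape of injection Jim describes; any clause that changes which row comes first (OFFSET, ORDER BY, a UNION) gets past it, which is why it is at best a tripwire for logging and not a substitute for parameterized queries.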



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:52 EDT