Re: Row-0 mitigation of SQL injection

From: Zed Qyves (zqyves.spamtrap@gmail.com)
Date: Thu Jun 07 2007 - 03:17:02 EDT


Hello,
Although interesting, it is quite inefficient in my opinion, at least as far as stopping attacks.
Experience has shown, to me at least, that once you have an SQL injection, one way or another (that is the easy (*) or the hard way (**)), you will be able to deduce the db schema in terms of tables and columns.
(*) Detailed error messages, having 1=1 and groups afterwards, etc...
(**) Blind, bruteforce union select field types and number etc...
After that, and since you have control over a query, then the first line is whatever you tell it to be. Consider the following:
select * from users where login = 'zavarakatranemia' union select <insert fields that meet the UNION SELECT requirements here> from <table you want>;
Unless you have a user called zavarakatranemia then having a dummy first row won't do you any good.
Regards,
Z.
On 6/7/07, Jim Halfpenny <jimsmailinglists@gmail.com> wrote:
> Hi,
> One thing I've noticed about SQL injection is that quite often the
> injected code returns a data set and the vulnerable application plucks
> the first row from the set. Consider a simple example where a login
> form is vulnerable and the following code is generated:
>
> select * from users where login = '' or 'a' = 'a';
>
> Instead of returning one row as expected the whole table is returned
> and the application more often than not reads the first row. This hack
> is especially bad if the first user in the table has admin rights,
> which is often the case.
>
> One way of potentially hobbling simple SQL injection would be to
> insert a sentinel record at the beginning of the table (hence the
> row-0 concept). If this row is ever returned then the application can
> be made aware something bad has happened.
>
> Does this sound like a good idea, or does it encourage poor coding by
> having a safety net? All comments welcome.
>
> Jim

-- 
---------------------------------------------------------------------
Κρέων
ἐν τῇδ᾽ ἔφασκε γῇ· τὸ δὲ ζητούμενον
ἁλωτόν, ἐκφεύγειν δὲ τἀμελούμενον.
Οιδίπους Τύρρανος [110]
---------------------------------------------------------------------
Creon
In this our land, so said he, those who seek
Shall find; unsought, we lose it utterly.
Oedipus Rex [110]
---------------------------------------------------------------------
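The exchange above, worked through in code as an added example (not code from either poster): a "row-0" sentinel catches the broad `'' or 'a' = 'a'` case Jim describes, because the sentinel is the first row the whole-table result hands back, but it does nothing against the UNION form Zed gives, where the first row is whatever the attacker-controlled query produces. The same lookup done with a bound parameter returns nothing for either input. The table, the sentinel login, the two sample inputs and the helper names are all constructed for this example; the in-memory SQLite database stands in for whatever backend the application actually uses.

```python
import sqlite3

# Constructed toy schema for the example; not a real application's tables.
SENTINEL_LOGIN = "__row0_sentinel__"

# The two inputs discussed in the thread, adapted to the toy column list.
BROAD_INPUT = "' or 'a' = 'a"
UNION_INPUT = ("zavarakatranemia' union select id, login, is_admin "
               "from users where login = 'admin")


def build_db():
    """Users table with a row-0 sentinel inserted ahead of every real user."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "create table users (id integer primary key, login text, "
        "password text, is_admin integer)"
    )
    conn.executemany(
        "insert into users (id, login, password, is_admin) values (?, ?, ?, ?)",
        [
            (0, SENTINEL_LOGIN, "", 0),     # the row-0 sentinel
            (1, "admin", "s3cret", 1),      # first real user has admin rights
            (2, "alice", "wonderland", 0),
        ],
    )
    return conn


def lookup_vulnerable(conn, login):
    """String concatenation, as in the vulnerable form under discussion.
    Like the application Jim describes, it takes the first row returned."""
    sql = "select id, login, is_admin from users where login = '" + login + "'"
    return conn.execute(sql).fetchone()


def lookup_safe(conn, login):
    """Same query with the login bound as a parameter: the input is data,
    never SQL, so neither sample input changes the query's shape."""
    sql = "select id, login, is_admin from users where login = ?"
    return conn.execute(sql, (login,)).fetchone()


def classify(row):
    """What the application concludes from the first row it received."""
    if row is None:
        return "no user"
    if row[1] == SENTINEL_LOGIN:
        return "tampering detected"
    return "logged in as " + row[1]


def demo():
    """Outcome of each lookup for each input, keyed for easy comparison."""
    conn = build_db()
    return {
        "vulnerable/broad": classify(lookup_vulnerable(conn, BROAD_INPUT)),
        "vulnerable/union": classify(lookup_vulnerable(conn, UNION_INPUT)),
        "safe/broad": classify(lookup_safe(conn, BROAD_INPUT)),
        "safe/union": classify(lookup_safe(conn, UNION_INPUT)),
        "safe/alice": classify(lookup_safe(conn, "alice")),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:18s} -> {outcome}")
```

The sentinel only works because a full-table scan in SQLite returns rows in rowid order, so row 0 comes back first; a UNION or an ORDER BY added by the injected text decides the row order itself, which is exactly Zed's point. The sentinel is therefore at best a detection signal for the crudest inputs; the bound-parameter lookup is what actually removes the injection.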



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:52 EDT