Re: Oracle SQL Injection vulnerability

From: Attari Attari (c70n3@yahoo.co.in)
Date: Tue Nov 20 2007 - 20:56:10 EST


Hey Zed,

You hit the bulls eye.

Now I gave 123 OR 1=1-- as the injection in the username
field. I don't get the same error on the previous line,
but a new error further down the code which says:

"ORA-01722: invalid number"

Looks like the query earlier is:

SELECT COUNT(*) FROM TABLENAME WHERE ID = '" &
txtUser.Text & "' and PASSWORD = '"...

Now this query is fired fine. But the execution breaks
in the next line that says (yes, errors are not
hidden):
 
If CInt(cmd.ExecuteScalar()) > 0

Any suggestions on what's going wrong here?

Thanks a ton guys.

 --- Zed Qyves <zqyves.spamtrap@gmail.com> wrote:
> Hello,
>
> Wild guess but can the username be numeric only
> rather than
> alphanumeric as everyone expects? People often
> misconceive that the
> username field as alpha while it may very well not
> be ...That would
> explain why you are still getting the "ORA-01756:
> quoted string not
> properly terminated" even when you appear to be
> terminating correctly.
> What if you input "123 or 1=1--" (strip ") in the
> username field?
>
> regards,
> ./ZQ
>
> --
> ---------------------------------------------------------------------
> Κρέων
> ἐν τῇδ᾽ ἔφασκε γῇ· τὸ δὲ
> ζητούμενον
> ἁλωτόν, ἐκφεύγειν δὲ
> τἀμελούμενον.
> Οιδίπους Τύρρανος [110]
> ---------------------------------------------------------------------
> Creon
> In this our land, so said he, those who seek Shall
> find; unsought, we
> lose it utterly.
> Oedipus Rex [110]
> ---------------------------------------------------------------------
>
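Added example, not code from the original thread or from either poster. It rebuilds the concatenated query from the VB.NET fragment above in Python against an in-memory SQLite table (table and rows are constructed stand-ins for the post's TABLENAME/ID/PASSWORD; SQLite is used only so the block runs offline), shows where each of the two observed errors comes from, and places the hardened, parameterized form beside it. Two caveats on the mapping to Oracle: an unterminated quote raises ORA-01756 in Oracle and sqlite3.OperationalError here, and a non-numeric string compared against a NUMBER column raises ORA-01722 in Oracle at query time, whereas SQLite silently leaves the text unconverted and simply returns a count of 0.

```python
import re
import sqlite3

def make_db():
    # Constructed stand-in for the application's login table (names from the post,
    # column types and rows assumed): ID is numeric, as Zed guessed.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE TABLENAME (ID INTEGER PRIMARY KEY, PASSWORD TEXT)")
    conn.executemany("INSERT INTO TABLENAME VALUES (?, ?)",
                     [(123, "s3cret"), (456, "hunter2")])
    conn.commit()
    return conn

def build_concatenated_query(user, password):
    # Same construction as the VB.NET snippet in the post: user-controlled text is
    # dropped between single quotes, so "123 OR 1=1--" never leaves the string literal.
    return ("SELECT COUNT(*) FROM TABLENAME WHERE ID = '" + user
            + "' and PASSWORD = '" + password + "'")

def count_concatenated(conn, user, password):
    # Vulnerable form, kept as in the post. Against Oracle the numeric ID column forces
    # an implicit TO_NUMBER('123 OR 1=1--'), which is the ORA-01722 the poster saw;
    # SQLite does not convert and the row comparison is just false.
    return conn.execute(build_concatenated_query(user, password)).fetchone()[0]

def concatenated_query_is_malformed(conn, user, password):
    # True when the concatenated SQL fails to parse, i.e. the quote structure broke.
    # This is the ORA-01756 case from the first round of testing.
    try:
        conn.execute(build_concatenated_query(user, password))
        return False
    except sqlite3.OperationalError:
        return True

NUMERIC_ID = re.compile(r"\d{1,9}")

def count_parameterized(conn, user, password):
    # Hardened form: reject anything that is not a plain integer before it reaches the
    # database, then bind both values so the driver never interpolates them into SQL.
    if not NUMERIC_ID.fullmatch(user):
        raise ValueError("ID must be numeric")
    row = conn.execute(
        "SELECT COUNT(*) FROM TABLENAME WHERE ID = ? AND PASSWORD = ?",
        (int(user), password),
    ).fetchone()
    return row[0]

if __name__ == "__main__":
    db = make_db()
    print(build_concatenated_query("123 OR 1=1--", "x"))
    print("concatenated, valid login:", count_concatenated(db, "123", "s3cret"))
    print("concatenated, injected ID:", count_concatenated(db, "123 OR 1=1--", "x"))
    print("unterminated quote breaks parsing:",
          concatenated_query_is_malformed(db, "123'", "x"))
    print("parameterized, valid login:", count_parameterized(db, "123", "s3cret"))
```

The practical point for the tester and the developer alike: the ORA-01722 reveals only that ID is a numeric column, not that the WHERE clause was altered, and the fix that removes both error classes is the validate-then-bind pattern in count_parameterized, with the application catching the ValueError (or the CInt failure in the VB.NET original) before any SQL runs.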





This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:13 EDT