From: Ben Timby (asp@webexc.com)
Date: Fri Aug 20 2004 - 12:53:59 EDT
What do you want to find out? can you post your full input to the field?
I am having trouble understanding what you are doing and trying to
accomplish.
Mariano Nuņez Di Croce wrote:
> I'm currently pen-testing a web application based on ASP and SQL Server.
>
> I have already figured out the table and field name by the use of the
> "having 1=1--" and appending "group by table.name" clauses.
>
> The problem is that I have text fields and those can't be use in the
> GROUP BY clause, so I get an error and cannot continue with the Injection.
>
> Any ideas?
>
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.
http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:59 EDT