SQL injection from within a table - is it possible?

From: Peter Bair (peterbair100@hotmail.com)
Date: Thu Jan 06 2005 - 19:59:44 EST


Is it possible to store an SQL injection string in an MSSQL database table, so that when the database performs an action, like through a stored proc, the SQL injection attack takes place?

Not through the normal means of SQL injection via web-based means, but if you have the means of storing the data into the table directly.

Example:
An application has a user's name in a table. Is it possible to assign the user's name as the SQL injection string, something like
   name from table; exec master.xp_cmdshell "ping me"; --

so when the database is running a stored procedure with a select clause like

   select name from table

it really becomes

   select name from table; exec master.xp_cmdshell "ping me" ;-- from table


Of course using the SQL query analyzer on the database table, all this works ok.

But when I insert the SQL injection string into the table, as the name, and then query the table nothing happens.

Is it possible or have I missed the point here?

Thanks Peter.
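
The situation asked about above, as an added T-SQL example that is not part of the original post: a stored value stays inert in a static SELECT and is parsed as SQL only when a procedure concatenates it into a dynamic string. The table name, procedure names and stored value are constructed for illustration, and the `GO` separators assume a client such as sqlcmd or Management Studio.

```sql
-- Added example; dbo.DemoUsers and the three procedures are constructed names.
-- Run in a scratch database.
CREATE TABLE dbo.DemoUsers (id INT PRIMARY KEY, name NVARCHAR(200));
GO
-- Constructed stored value: it closes a string literal and appends a harmless
-- marker statement, so it is obvious whether the text was ever parsed as SQL.
INSERT INTO dbo.DemoUsers VALUES
  (1, N'alice'),
  (2, N'x''; SELECT ''stored text ran as SQL'' AS marker; --');
GO
-- 1. Static SQL: the statement text is fixed when the procedure is compiled.
--    Column values are returned as data and never re-parsed.
CREATE PROCEDURE dbo.GetUserStatic @id INT AS
  SELECT name FROM dbo.DemoUsers WHERE id = @id;
GO
-- 2. Vulnerable: the stored value is concatenated into a new SQL string and
--    parsed again by EXEC, so the quote inside the data ends the literal and
--    the rest of the value becomes a second statement.
CREATE PROCEDURE dbo.GetUserDynamic @id INT AS
BEGIN
  DECLARE @name NVARCHAR(200), @sql NVARCHAR(1000);
  SELECT @name = name FROM dbo.DemoUsers WHERE id = @id;
  SET @sql = N'SELECT id FROM dbo.DemoUsers WHERE name = ''' + @name + N'''';
  EXEC (@sql);
END
GO
-- 3. Hardened: still dynamic SQL, but the value travels as a typed parameter,
--    so it is compared as a string and never becomes part of the statement.
CREATE PROCEDURE dbo.GetUserParam @id INT AS
BEGIN
  DECLARE @name NVARCHAR(200);
  SELECT @name = name FROM dbo.DemoUsers WHERE id = @id;
  EXEC sp_executesql
       N'SELECT id FROM dbo.DemoUsers WHERE name = @n',
       N'@n NVARCHAR(200)',
       @n = @name;
END
GO
-- Compare the result sets each call produces for the constructed row.
EXEC dbo.GetUserStatic  @id = 2;
EXEC dbo.GetUserDynamic @id = 2;
EXEC dbo.GetUserParam   @id = 2;
```

When reviewing stored procedures for this pattern, look for `EXEC(...)` or `sp_executesql` calls whose statement string is built with `+` from column values or variables, regardless of whether those values originally arrived through a web form or a direct table write.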

