Security Basics mailing list archives
SQL Injection ORDER BY plus DROP TABLE?
From: wonderfulandromeda () gmail com
Date: 12 Aug 2007 19:41:05 -0000
I remember, long back I tried SQL injection like this. ORDER BY 1-- It worked. This proves that there was a select query towards the left of the injection point. This also worked ORDER BY 1 DROP TABLE A It spewed an output like it can not drop table A because it doesn't exist. I am wondering what kinda SQL query would that be which has a select query and accomodates DROP along with ORDER BY 1. AFAIK, DROP should be a separate statement and it should cause a syntax error if combined with SELECT. Any suggestions?
Current thread:
- SQL Injection ORDER BY plus DROP TABLE? wonderfulandromeda (Aug 14)
- Re: SQL Injection ORDER BY plus DROP TABLE? Pranay Kanwar (Aug 15)