Penetration Testing mailing list archives
Re: sql injection with MS Access
From: "rudi carell" <rudicarell () hotmail com>
Date: Thu, 29 Nov 2001 09:09:17
hola, thats dependend heavily on the interface the web-app uses! as an example .. (ODBC+MSSQL+PHP) does not recognize comments .. did you try out a NULL-BYTE[\000] ? if it is not possible to premature cut-off the query .. i d recommand combining the original query with UNION and SUBSELECT-Statements .. you said:
Hi, I am currently testing SQL injection with a web application and MS Accessdatabase. I have some difficulties as I do not knowing the comment characterfor Access Database.
cu rC security () freefly com http://www.freefly.com/security/ _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- sql injection with MS Access helmut schmidt (Nov 28)
- Re: sql injection with MS Access Kevin Spett (Nov 28)
- Re: sql injection with MS Access Sverre H. Huseby (Nov 28)
- <Possible follow-ups>
- Re: sql injection with MS Access rudi carell (Nov 29)