Penetration Testing mailing list archives
Re: SQL Injection and text fields
From: Ben Timby <asp () webexc com>
Date: Fri, 20 Aug 2004 14:40:53 -0500
Oh, and to directly answer your question, you CAN group text fields: "...group by cast(sometextfield as varchar(8000))" 8000 = max varchar size. Enjoy! Mariano Nuñez Di Croce wrote:
Ben Timby wrote:What do you want to find out? can you post your full input to the field?I am having trouble understanding what you are doing and trying to accomplish.Mariano Nuñez Di Croce wrote:I'm currently pen-testing a web application based on ASP and SQL Server.I have already figured out the table and field name by the use of the "having 1=1--" and appending "group by table.name" clauses.The problem is that I have text fields and those can't be use in the GROUP BY clause, so I get an error and cannot continue with the Injection.Any ideas?I 'm testing a page similar to this one:www.url.com/page.asp?id=2%20group%20by%20table1.fecha,table1.row_id,table1.nombre_fisico,table1.titular,table1.autor,table1.fuente,table1.seccion,table1.ciudad,table1.texto%20having%201=1--When I send this url whitout "table1.texto", I get an error saying that table1.texto must be appended to the group by clause... (just like the same procedure to discover the previous fieldnames).But this time, when I add this field to the GROUP BY clause i says that ntext, text and image fields cannot be appended to this type of clause.So...how can I walk through this to keep discovering the remaining fields??I've heard something about CONVERT function but not sure how to implement it..Thanks in advance, But when
------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817 -------------------------------------------------------------------------------
Current thread:
- SQL Injection and text fields Mariano Nuñez Di Croce (Aug 20)
- Re: SQL Injection and text fields Ben Timby (Aug 21)
- Re: SQL Injection and text fields Mariano Nuñez Di Croce (Aug 21)
- Re: SQL Injection and text fields Ben Timby (Aug 20)
- Re: SQL Injection and text fields Ben Timby (Aug 20)
- Re: SQL Injection and text fields Mariano Nuñez Di Croce (Aug 21)
- Re: SQL Injection and text fields Ben Timby (Aug 21)