Penetration Testing mailing list archives
Re: SQL-Injection escape ')'
From: Fabrice MARIE <fabrice.marie () fma-rms com>
Date: Mon, 5 Jul 2004 13:11:09 +0800
Hello, On 03 July 2004 pm 22:45, Strcpy wrote:
Hi list . I`m working on a web-application for vulnerability assesments in order to complete a pen-test job. there is a vulnerable query there but I can`t escape it ad use it to go farther . the page script add a ')' to end of query string always. I tried to pass it by useing # or -- or ')'=')' at the end of my query strings , but non worked :/ here is an example : i sent this : A') select name from sysobjects where xtype='U'-- [Microsoft][ODBC Microsoft Access Driver] Syntax error. in query expression 'city_name='Tehran' and (agency_english ='A') select name from sysobjects where xtype='U'--')' would you mind please help me ?
try something like this: select name from sysobjects where xtype='U' or (1=1 This way if the application adds a parenthesis, it's just going to close the one you opened on purpose and the syntax should remain correct in the end. 'or 1=1' doesn't affect your SELECT query, because it's always true.. Have a nice day, Fabrice. -- Fabrice A. MARIE FMA Risk Management Solutions http://www.fma-rms.com/
Current thread:
- SQL-Injection escape ')' Strcpy (Jul 04)
- Re: SQL-Injection escape ')' Fabrice MARIE (Jul 05)
- Re: SQL-Injection escape ')' Thor (Jul 05)
- Re: SQL-Injection escape ')' nummish (Jul 05)
- Re: SQL-Injection escape ')' Roman Medina (Jul 06)
- <Possible follow-ups>
- Fwd: RE: SQL-Injection escape ')' Strcpy (Jul 05)
- Fwd: RE: SQL-Injection escape ')' Strcpy (Jul 05)
- Re: SQL-Injection escape ')' Strcpy (Jul 05)
- RE: SQL-Injection escape ')' Esmat, Ayman (ISS Middle East) (Jul 05)