Penetration Testing mailing list archives

ORDER BY sql injection help


From: lister () lihim org
Date: Thu, 11 Jun 2009 15:45:49 -0500

Requesting assistance.

An application uses GET and one of the parameters translates to an ORDER BY
in an Oracle SQL query.

I can put in 1 through X where X is a column number to order the output up to X columns.

I can also get ORA errors, so I know I have direct access to the SQL query.

I'm looking for references on possible queries for a query with an injectable
ORDER BY clause.  I'm not sure if it is possible to break out of the ORDER BY
to query other data.
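
A defensive counterpart to the situation described above, added here as an example and not part of the original message: a bind variable cannot stand in for an ORDER BY column, so the sort parameter is mapped through a fixed allowlist of column positions instead of being placed in the SQL text. Table, column and function names are hypothetical, and sqlite3 stands in for Oracle so the code runs offline.

```python
import sqlite3

# Hypothetical names throughout; sqlite3 stands in for Oracle so this runs
# offline. The allowlist logic does not depend on the database.
SORTABLE = {"1": "id", "2": "name", "3": "created"}  # position -> fixed column
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def order_by_clause(sort, direction="asc"):
    """Turn untrusted GET values into an ORDER BY made only of constants."""
    if not isinstance(sort, str) or not isinstance(direction, str):
        raise ValueError("unsupported sort parameter")
    # Bind variables cannot carry identifiers, so the input is never placed
    # in the SQL text; it only selects an entry from the allowlist.
    column = SORTABLE.get(sort.strip())
    keyword = DIRECTIONS.get(direction.strip().lower())
    if column is None or keyword is None:
        raise ValueError("unsupported sort parameter")
    return f"ORDER BY {column} {keyword}"


def list_users(conn, sort, direction="asc"):
    """Run the listing query with a validated ORDER BY clause."""
    sql = "SELECT id, name, created FROM users " + order_by_clause(sort, direction)
    return conn.execute(sql).fetchall()


def make_demo_db():
    """Constructed sample data for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, created TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "carol", "2009-03-01"), (2, "alice", "2009-01-15"), (3, "bob", "2009-02-20")],
    )
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    print(list_users(db, "2"))            # sorted by name
    print(list_users(db, "3", "desc"))    # newest first
    for bad in ("4", "2 desc", "name"):   # out of range or not a bare position
        try:
            list_users(db, bad)
        except ValueError as exc:
            print(repr(bad), "rejected:", exc)
```

Rejecting anything that is not an exact allowlist key also removes the ORA error messages as a feedback channel, since malformed values never reach the database.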
