Penetration Testing mailing list archives
Re: Quite basic SQL injection question
From: arvind doraiswamy <arvind.doraiswamy () gmail com>
Date: Tue, 19 Apr 2011 17:07:25 +0530
Hi Alexandre,

Have you looked at 'completing the syntax' of the SQL query itself after injection? For e.g A sample query could eventually look like -

"select * from table1 m JOIN table2 t UNION SELECT 1,2,3 from dual"--ORDER BY m.field1, t.field2";

Note the extra " after dual? I'm just saying - whatever your syntax is - try and complete that AFTER you're done injecting.

Another thing that has often worked for me is validating my syntax at a MySQL prompt itself. This helps me know that my SQL syntax itself isn't wrong.

All the best!
Arvind

On Mon, Apr 18, 2011 at 1:21 PM, Alexandre De Dommelin <adedommelin () tuxz net> wrote:
Hi all,

I'm evaluating PHP/MySQL code and I found a problem in the following code:

<?php
$query=" SELECT * FROM table1 m JOIN table2 t $condition ORDER BY m.field1, t.field2 ";
$db->query($query);
?>

I'm able to inject everything I want into $condition, but I can't manage to make the ORDER clause be ignored (using -- /* ...), which leads to an SQL error.

I'm sure it's quite stupid but I have to admit that I'm stuck ... Do you have an idea?

Bests,
Alex
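For whoever has to fix the code under review: an added example, not part of the thread or of the application being evaluated, showing the same query with `$condition` built only from allow-listed column names and bound values, so the ORDER BY clause always stays part of the statement. `ALLOWED_FILTERS` and `build_condition()` are hypothetical names, the filters are assumed to be simple equality tests, and the demo data is constructed in an in-memory SQLite database via PDO rather than MySQL.

```php
<?php
// Added example: $condition is built only from allow-listed columns and bound values.
// ALLOWED_FILTERS and build_condition() are hypothetical names, not from the thread.
const ALLOWED_FILTERS = [
    'field1' => 'm.field1',
    'field2' => 't.field2',
];

/**
 * Turn ['field1' => 'x'] into [" WHERE m.field1 = ?", ['x']].
 * Keys outside the allow-list are rejected; values never enter the SQL text.
 */
function build_condition(array $filters): array
{
    $clauses = [];
    $params  = [];
    foreach ($filters as $name => $value) {
        if (!is_string($name) || !array_key_exists($name, ALLOWED_FILTERS)) {
            throw new InvalidArgumentException('unsupported filter');
        }
        if (!is_scalar($value)) {
            throw new InvalidArgumentException('filter value must be scalar');
        }
        $clauses[] = ALLOWED_FILTERS[$name] . ' = ?';
        $params[]  = $value;
    }
    $sql = $clauses ? ' WHERE ' . implode(' AND ', $clauses) : '';
    return [$sql, $params];
}

// Constructed demo data in an in-memory SQLite database (the thread's code targets MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE table1 (field1 TEXT)');
$db->exec('CREATE TABLE table2 (field2 TEXT)');
$db->exec("INSERT INTO table1 VALUES ('a'), ('b')");
$db->exec("INSERT INTO table2 VALUES ('x')");

// A value containing quote and comment characters is just data once it is bound.
foreach (['a', "a' -- x"] as $input) {
    [$condition, $params] = build_condition(['field1' => $input]);
    $stmt = $db->prepare(
        "SELECT * FROM table1 m JOIN table2 t $condition ORDER BY m.field1, t.field2"
    );
    $stmt->execute($params);
    printf("%-10s -> %d row(s)\n", json_encode($input), count($stmt->fetchAll()));
}
```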