Penetration Testing mailing list archives
Oracle Pentest
From: maash.rajani () gmail com
Date: 1 Jan 2011 12:48:13 -0000
I found an injection point during a pentest project. They are running an Oracle DBMS. Simply tryin ' OR '1'='1' returned one single result. In trying to find the number of queries returned by the column i used: ' OR '1'='1' ORDER BY n-- Anything above 7 in the Order by query generates an error. So i assumed there were 7 columns being selected. But then when i try ' OR '1'='1' UNION SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL -- i get an incorrect number of columns error. I tried anywhere upto 30 "NULLs", i keep getting the same error. Any suggestions? ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Oracle Pentest maash . rajani (Jan 01)
- Re: Oracle Pentest Dan Crowley (Jan 03)
- Re: Oracle Pentest The Dead (Jan 04)