WebApp Sec mailing list archives
SQL Injection Basics
From: raul.johhut () hushmail com
Date: Sat, 8 Feb 2003 17:21:47 -0800
I am pen testing a webapp and am having some problems with SQL injection. The app creates an ODBC error. Is this a guarantee of SQL injection? If I use www.victim/test.asp?userid=sfdsd the error is "inncorrect syntax near line 28 of test.asp" (or that's the English translation equiv in my case). I know the database is called master, and has a table test. What is the syntax I should use?

What are the best freeware and open source tools for testing SQL injection? I tried WPoison, which was OK. I also tried WebSleuth (which seems to have gone from GPL to closed source commercial, btw). Am I right in saying that the SQL plugin has to connect directly to the database to work? I can only see port 80, so I don't think this will work?

Thanks,
Raul.
Current thread:
- SQL Injection Basics raul . johhut (Feb 08)
- Re: SQL Injection Basics Loki (Feb 09)
- Re: SQL Injection Basics Nick Jacobsen (Feb 10)
- RE: SQL Injection Basics Forrest Lee Andrews (Feb 10)
- RE: SQL Injection Basics Dennis Hurst (Feb 10)
- Re: SQL Injection Basics Nick Jacobsen (Feb 10)
- Re: SQL Injection Basics Dave Aitel (Feb 10)
- RE: SQL Injection Basics Dennis Hurst (Feb 10)
- Re: SQL Injection Basics Taco Fleur (Feb 10)
- RE: SQL Injection Basics Robert Nilsen (Feb 10)
- Re: SQL Injection Basics Dirk Gomez (Feb 10)
- Re: SQL Injection Basics Nick Jacobsen (Feb 10)