WebApp Sec mailing list archives
Re: ORACLE SQL Injection Question
From: Cesar <cesarc56 () yahoo com>
Date: Tue, 4 Nov 2003 06:04:47 -0800 (PST)
Hi. Take a look here, many cool papers and articles: http://www.petefinnigan.com/orasec.htm Cesar. --- Mike Rauch <michaelraouch () yahoo com> wrote:
Hello, I'm performing an assesment on one of our web applications (black box type) and I came acrooss two interesting error messages from an Oracle DB when I supply a 'SELECT statement. The messages are: a) ORA-00933 SQL Command not properly ended b) ORA-00917 Missing comma I tried various formats to form an SQL statment that can be parsed but no success. Does anyone can shed any light as to what I may be able to try? Thanks ! Mike __________________________________ Do you Yahoo!? Exclusive Video Premiere - Britney Spears http://launch.yahoo.com/promos/britneyspears/
__________________________________ Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard http://antispam.yahoo.com/whatsnewfree
Current thread:
- ORACLE SQL Injection Question Mike Rauch (Nov 03)
- Re: ORACLE SQL Injection Question Cesar (Nov 04)
- <Possible follow-ups>
- Re: ORACLE SQL Injection Question Kenneth Duran (Nov 04)
- RE: ORACLE SQL Injection Question Pitts, Christopher C. (Nov 04)