WebApp Sec mailing list archives
Re: SQL Injection data retrieving??
From: nummish <nummish () gmail com>
Date: Fri, 10 Sep 2004 11:10:31 -0400
The problem you're encountering is because you're trying to convert multiple records with multiple fields to a single int datatype. Think of the data you're pulling out in a format such as:

x1,y1,z1
x2,y2,z2
x3,y3,z3
...

You'd have more success pulling one row at a time (using the TOP 1 syntax you were using on the tables) and pulling one field at a time (you'll need to know the field name, from syscolumns).

From here you can proceed to convert, unless it's an integer, at which point it won't throw the same error, because the conversion will succeed. You might be better off if you can inject a stored proc to concatenate the fields for you (and save some time).

This is all covered in Chris Anley's paper: http://www.nextgenss.com/papers/advanced_sql_injection.pdf

-nummish

On 10 Sep 2004 12:06:56 -0000, Roland Despins <roland2004 () romandie com> wrote:
Now here comes the troubles... I would like to retrieve the column names of the "__dellist" table and the data of the "__dellist".

I've sent:

www.mysite.com/products.asp?id=convert(int,(select * from __dellist where 1=1))

Error Type:
Microsoft OLE DB Provider for SQL Server (0x80004005)
Subquery returned more than 1 value. This is not permitted when the subquery follows =, !=, <, <= , >, >= or when the subquery is used as an expression.
/products.asp, line 32

My question is: Which query should I send in order to retrieve the data of the table??
--
Bigger 1:23
This address is for mailing list traffic only. Please direct non-list correspondence to 0x90.org
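On the defending side, the request quoted in this message has a recognisable shape in web server logs: a parameter that should hold an integer carries a type conversion wrapped around a subquery. The following is an added example, not part of the original post, that flags such requests; the parameter list and the sample request lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: parameters the application expects to be plain integers.
NUMERIC_PARAMS = {"id"}

# A CONVERT/CAST call whose argument contains a nested SELECT, i.e. the
# shape of the request quoted in the thread (matched after URL decoding).
CONVERT_SUBQUERY = re.compile(
    r"\b(?:convert|cast)\s*\(.*\(\s*select\b", re.IGNORECASE | re.DOTALL
)


def classify(url):
    """Return a list of (parameter, reason) findings for one request URL."""
    findings = []
    query = urlsplit(url).query
    # parse_qsl URL-decodes values and splits each pair on the first '=',
    # so a value such as "...where 1=1))" stays in one piece.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if CONVERT_SUBQUERY.search(value):
            findings.append((name, "convert-subquery"))
        elif name.lower() in NUMERIC_PARAMS and not re.fullmatch(r"\d+", value):
            findings.append((name, "non-numeric"))
    return findings


def scan(urls):
    """Map each flagged URL to its findings; clean requests are omitted."""
    return {u: f for u in urls if (f := classify(u))}


# Constructed sample requests (not taken from a real log).
SAMPLE_REQUESTS = [
    "/products.asp?id=42",
    "/products.asp?id=convert(int,(select%20*%20from%20__dellist%20where%201=1))",
    "/products.asp?id=CONVERT(int,(SeLeCt+*+from+__dellist+where+1=1))",
    "/products.asp?id=12abc",
    "/search.asp?q=convert+units",
]

if __name__ == "__main__":
    for url, findings in scan(SAMPLE_REQUESTS).items():
        print(findings, url)
```

Flagged requests that also produced the 0x80004005 error page are the ones to look at first, since that error text is what hands database output back to the client; parameterised queries and generic error pages remove the channel altogether.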