Penetration Testing mailing list archives

Re: SQL Injection - data ntext,image cannot group by....

From: "Kevin Spett" <kspett () spidynamics com>
Date: Wed, 20 Mar 2002 18:58:28 -0800

Try the convert hack if it's SQL Server.  Make your injection string
something like this:
    convert(int, (convert(varchar, (SELECT TOP 1 name FROM sysobjects WHERE
xtype='U'))))
You should get back an error message that contains the first name in
sysobjects.

Again, if it's SQL Server, you can inject procedures.  Try injecting
sp_makewebtask, which has been discussed on this list twice in the last week
I think.

You also might want to include in your report that (in theory) they may get
a slight performance increase by using type ntext instead of text.  The text
data type is really there to just include extra information that isn't
supposed to be used in applications often (or at least that's my
understanding of it.)


Kevin Spett
SPI Dynamics, Inc.

----- Original Message -----
From: "Sony Arianto Kurniawan" <sony-ak () aritechdev com>
To: <pen-test () securityfocus com>
Sent: Tuesday, March 19, 2002 8:39 AM
Subject: SQL Injection - data ntext,image cannot group by....

Dear pen tester,
I'm interested in SQL injection. I try to know the table structure using '
having 1=1 --  and ' group by [table_name].[field_name]   to enumerate the
fields.
But the table contains field with text or image type. I can't use group by
and I can't continue the injection :( Is there any method to address this
problem?
Thanks.

Sony AK
http://www.aritechdev.com/


--------------------------------------------------------------------------

--

This list is provided by the SecurityFocus Security Intelligence Alert

(SIA)

Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please

see:

https://alerts.securityfocus.com/



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

SQL Injection - data ntext,image cannot group by.... Sony Arianto Kurniawan (Mar 18)
- Re: SQL Injection - data ntext,image cannot group by.... Kevin Spett (Mar 21)