Penetration Testing mailing list archives
Re: SQL Injection and text fields
From: Ben Timby <asp () webexc com>
Date: Fri, 20 Aug 2004 11:53:59 -0500
What do you want to find out? can you post your full input to the field?I am having trouble understanding what you are doing and trying to accomplish.
Mariano Nuñez Di Croce wrote:
I'm currently pen-testing a web application based on ASP and SQL Server.I have already figured out the table and field name by the use of the "having 1=1--" and appending "group by table.name" clauses.The problem is that I have text fields and those can't be use in the GROUP BY clause, so I get an error and cannot continue with the Injection.Any ideas?
------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817 -------------------------------------------------------------------------------
Current thread:
- SQL Injection and text fields Mariano Nuñez Di Croce (Aug 20)
- Re: SQL Injection and text fields Ben Timby (Aug 21)
- Re: SQL Injection and text fields Mariano Nuñez Di Croce (Aug 21)
- Re: SQL Injection and text fields Ben Timby (Aug 20)
- Re: SQL Injection and text fields Ben Timby (Aug 20)
- Re: SQL Injection and text fields Mariano Nuñez Di Croce (Aug 21)
- Re: SQL Injection and text fields Ben Timby (Aug 21)