Penetration Testing mailing list archives
RE: SQL injection (or not?)
From: "Isidro Ramon Labrador Rodriguez" <irlabrador () sgi es>
Date: Wed, 9 Aug 2006 12:01:48 +0200
When I find a Blind SQL Vulnerability and I want to guess the Databsee which is behind I try the following injections: Parameter=[valid value]' and exists(select * from sysobjects) and 'a'='a If it returns a valid value the database is SQL Server Parameter=[valid value]' and exists(select * from user_tables) and 'a'='a If it returns a valid value the database is Oracle Parameter=[valid value]' and exists(select * from mysql.user) and 'a'='a If it returns a valid value the database is MySQL I hope it helps. Best Regards, Isidro -----Mensaje original----- De: rr () neo dtcom lv [mailto:rr () neo dtcom lv] Enviado el: martes, 08 de agosto de 2006 11:19 Para: pen-test () securityfocus com Asunto: SQL injection (or not?) Hi. I'm having weird situation with sql injection (I guess). Unfortunately there is no error message displayed - blind injection, so all that I know - query is valid or not. script.aspx?parameter=' and 'a'%2b'a'='aa no result, aparently query is invalid, so it is not MSSQL, kind of script.aspx?parameter=' and concat('a','a')='aa returns page, sql query turns out to be valid, MySQL?? meanwhile script.aspx?parameter=' and concat('a','a','a')='aaa no result, so it is not MySQL also I know that database should be MSSQL concat is first function I found to work. Maybe it is not sql injection? What else could it be? rr ------------------------------------------------------------------------ ------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------ ------ ______________________ Este mensaje, y en su caso, cualquier fichero anexo al mismo, puede contener informacion clasificada por su emisor como confidencial en el marco de su Sistema de Gestion de Seguridad de la Informacion siendo para uso exclusivo del destinatario, quedando prohibida su divulgacion copia o distribucion a terceros sin la autorizacion expresa del remitente. Si Vd. ha recibido este mensaje erroneamente, se ruega lo notifique al remitente y proceda a su borrado. Gracias por su colaboracion. ______________________ This message including any attachments may contain confidential information, according to our Information Security Management System, and intended solely for a specific individual to whom they are addressed. Any unauthorised copy, disclosure or distribution of this message is strictly forbidden. If you have received this transmission in error, please notify the sender immediately and delete it. ______________________ ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
Current thread:
- SQL injection (or not?) rr (Aug 08)
- Re: SQL injection (or not?) Mike Klingler (Aug 08)
- Re: SQL injection (or not?) A. Ramos (Aug 09)
- <Possible follow-ups>
- RE: SQL injection (or not?) Isidro Ramon Labrador Rodriguez (Aug 09)
- RE: SQL injection (or not?) Tonnerre Lombard (Aug 09)
- Re: SQL injection (or not?) DokFLeed (Aug 09)
- Injected, whats next DokFLeed (Aug 17)
- Re: Injected, whats next Jon Hart (Aug 18)
- RE: Injected, whats next Clemens, Dan (Aug 18)
- Re: Injected, whats next Serg B. (Aug 18)
- Message not available
- Re: Injected, whats next Serg B. (Aug 18)
- Re: Injected, whats next Brendan Dolan-Gavitt (Aug 18)
- Re: Injected, whats next DokFLeed (Aug 18)