Re: Oracle SQL Injection vulnerability

[Joxean Koret <joxeankoret () yahoo es>]

Hi,

Yes, it appears to be vulnerable. Try, also, the following string:

'='' --

I found many times SQL commands construsted as follows:

SELECT * FROM users WHERE '<user_entered_value>' = user_name

Regards,
Joxean Koret

On lun, 2007-11-19 at 09:32 +0000, Attari Attari wrote:
> Hi Group,
>
> I'm doing a penetration test for a client on their web
> portal. When I give ' on the username field I was
> received with an error from the server:
>
> Unspecified error
> ORA-01756: quoted string not properly terminated 
>
> Does that mean the site is vulnerable to SQL
> Injection? I tried ' OR 1=1-- and ' OR '1'='1'-- but I
> get same error message.
>
> Any help would be much appreciated.
>
> Clone
>
>
>       Meet people who discuss and share your passions. Go to http://in.promos.yahoo.com/groups
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------

Attachment: signature.asc
Description: This is a digitally signed message part