Penetration Testing mailing list archives
Re: Quite basic SQL injection question
From: Justin Klein Keane <jkleinkeane () gmail com>
Date: Tue, 19 Apr 2011 08:39:09 -0400
Since the order columns are valid in the select definition why would you need to screen them out? What is the error you are getting?

Justin Klein Keane
http://www.MadIrish.net
The digital signature on this message can be confirmed using the public key at http://www.madirish.net/gpgkey

On 04/18/2011 03:51 AM, Alexandre De Dommelin wrote:
> Hi all,
>
> I'm evaluating PHP/MySQL code and I found a problem in the following code:
>
> <?php
> $query = "
>     SELECT *
>     FROM table1 m
>     JOIN table2 t
>     $condition
>     ORDER BY m.field1, t.field2
> ";
> $db->query($query);
> ?>
>
> I'm able to inject everything I want into $condition, but I can't manage to make the ORDER clause be ignored (using -- /* ...), which leads to an SQL error.
> I'm sure it's quite stupid but I have to admit that I'm stuck ... Do you have an idea?
>
> Bests,
> Alex
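As an added example (not code from the thread), this is the pattern that removes the problem the question describes: instead of splicing a caller-supplied $condition into the statement, the condition is built only from whitelisted column names with bound values, and the fixed ORDER BY that follows it can no longer be broken by the input. It is written in Python with SQLite rather than PHP/MySQL; the table layout, the join key t.m_id and the sample rows are constructed assumptions.

```python
import sqlite3

# Columns a caller may filter on, mapped to their aliased form in the query.
# Constructed whitelist: the real application's schema is not on the page.
ALLOWED_FILTERS = {
    "field1": "m.field1",
    "field2": "t.field2",
}

def build_query(filters):
    """Return (sql, params) for the SELECT with a parameterised condition.

    Column names come only from ALLOWED_FILTERS and values are always bound,
    so no caller input can change the structure of the statement or reach
    the trailing ORDER BY.
    """
    clauses, params = [], []
    for name, value in filters.items():
        if name not in ALLOWED_FILTERS:
            raise ValueError(f"unknown filter column: {name!r}")
        clauses.append(f"{ALLOWED_FILTERS[name]} = ?")
        params.append(value)
    condition = ("WHERE " + " AND ".join(clauses)) if clauses else ""
    sql = (
        "SELECT m.id, m.field1, t.field2 FROM table1 m "
        "JOIN table2 t ON t.m_id = m.id "          # assumed join key
        f"{condition} ORDER BY m.field1, t.field2"
    )
    return sql, params

def run_query(conn, filters):
    sql, params = build_query(filters)
    return conn.execute(sql, params).fetchall()

def demo_db():
    """In-memory SQLite database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE table1 (id INTEGER PRIMARY KEY, field1 TEXT);
        CREATE TABLE table2 (id INTEGER PRIMARY KEY, m_id INTEGER, field2 TEXT);
        INSERT INTO table1 VALUES (1, 'alpha'), (2, 'beta');
        INSERT INTO table2 VALUES (10, 1, 'x'), (11, 2, 'y');
    """)
    return conn

if __name__ == "__main__":
    conn = demo_db()
    print(run_query(conn, {"field1": "alpha"}))        # one matching row
    print(run_query(conn, {"field1": "' OR '1'='1"}))  # bound as data: no rows
    try:
        build_query({"field1 = 1 OR 1": "x"})          # rejected before SQL is built
    except ValueError as exc:
        print("rejected:", exc)
```

The same idea in the original PHP would be a whitelist for the column names plus prepared statements (mysqli or PDO) for the values, with ORDER BY kept as a constant part of the query string.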
Current thread:
- Quite basic SQL injection question Alexandre De Dommelin (Apr 19)
- Re: Quite basic SQL injection question arvind doraiswamy (Apr 22)
- Re: Quite basic SQL injection question Justin Klein Keane (Apr 22)
- Re: Quite basic SQL injection question danuxx (Apr 22)