WebApp Sec mailing list archives

Re: ORACLE SQL Injection Question

From: Cesar <cesarc56 () yahoo com>
Date: Tue, 4 Nov 2003 06:04:47 -0800 (PST)

Hi.

Take a look here, many cool papers and articles:
http://www.petefinnigan.com/orasec.htm

Cesar.
--- Mike Rauch <michaelraouch () yahoo com> wrote:

Hello,
I'm performing an assesment on one of our web
applications (black box type) and I came acrooss two
interesting error messages from an Oracle DB when I
supply a 'SELECT statement. The messages are:
 a)  ORA-00933 SQL Command not properly ended
 b)  ORA-00917 Missing comma

I tried various formats to form an SQL statment that
can be parsed but no success.

Does anyone can shed any light as to what I may be
able to try?

Thanks !

Mike 

__________________________________
Do you Yahoo!?
Exclusive Video Premiere - Britney Spears
http://launch.yahoo.com/promos/britneyspears/



__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree

Current thread:

ORACLE SQL Injection Question Mike Rauch (Nov 03)
- Re: ORACLE SQL Injection Question Cesar (Nov 04)
- <Possible follow-ups>
- Re: ORACLE SQL Injection Question Kenneth Duran (Nov 04)
- RE: ORACLE SQL Injection Question Pitts, Christopher C. (Nov 04)