WebApp Sec mailing list archives
Re: ORACLE SQL Injection Question
From: "Kenneth Duran" <KDURAN () pn usbr gov>
Date: Tue, 04 Nov 2003 11:08:18 -0700
I asked my D.B.A. and his suggestion is to break down the command into a series of one line commands instead of using the commas.

Kenneth M. Duran, CISSP
PN Network Security Manager
kduran () pn usbr gov
(208)-378-5146

Mike Rauch <michaelraouch () yahoo com> 11/03/03 07:57AM >>>
Hello,

I'm performing an assessment on one of our web applications (black box type) and I came across two interesting error messages from an Oracle DB when I supply a 'SELECT statement. The messages are:

a) ORA-00933 SQL Command not properly ended
b) ORA-00917 Missing comma

I tried various formats to form an SQL statement that can be parsed but no success. Can anyone shed any light as to what I may be able to try?

Thanks!
Mike