WebApp Sec mailing list archives

RE: SQL Injection data retrieving??


From: "Mark McDonald" <m.mcdonald () cgl com au>
Date: Mon, 13 Sep 2004 14:10:26 +0800


I think he meant: does the __big_field column in the sysobjects table hold the name of the databases stored within


-----Original Message-----
From: Adam Tuliper [mailto:amt () gecko-software com] 
Sent: Sunday, 12 September 2004 9:48 PM
To: webappsec () securityfocus com
Subject: Re: SQL Injection data retrieving??


if it is your app as you said, wouldn't you then know if:

I assume that "__big_field" is the name of the database?
Right?


was indeed your own application's db name? : )



On Fri, 10 Sep 2004 10:44:58 -0400
 "Adam Tuliper" <amt () gecko-software com> wrote:
If I read this right.. you are first testing against your
own application before the pentest, right?


On 10 Sep 2004 12:06:56 -0000
 Roland Despins <roland2004 () romandie com> wrote:


Hi,

I'm practicing myself for a pentest. I'm trying to
retrieve data from a DB using some SQL injections.

From now I assume that my WebApp is vulnerable to
SQL injections.



--- 8< --- snip --- 8< ---
