WebApp Sec mailing list archives
Re: SQL Injection data retrieving??
From: Jonathan Angliss <jon () netdork net>
Date: Sun, 12 Sep 2004 23:13:31 -0500
Hello Roland, Saturday, September 11, 2004, 5:06:12 PM, you wrote:
In-Reply-To: <47650053.20040910143111 () netdork net>
Thanks Jonathan for your help and clear explanations...
I've been able to extract all the columns and table name from my database but I couldn't get back the data.
I've tried: "select * from __dellist" etc.. but dind't work:
Error Type: (0x80020009) Exception occurred.
I guess is because the script isn't designed to handle the output?
This is most likely. If the webserver is being nice, it might detail the line the error occurred on, and allow you to do more research on what went wrong.
I've try to generate an error using the convert(int,string) but it didn't work!
You know what the fields are, and if you know the script, you can expand the sql statement to convert each name on the data you're trying to fetch into the names the script is expecting: select field1 as script_1, field2 as script_2 from __dellist Where field1 is the name of the field in the database, and script_1 is the name the script is expecting. That might allow the script to work with the right field names. However, if you don't know the script, then that'd be a pain. You could also get into a situation where the script uses field IDs, and not names. It's been a while since I've played with ASP, but I think you can access fields by id in the record set.
Are there really no other way to retreive datas once we have "blind discover" the structure of the database?
That can all depend on the script you're attempting to pass the injection to.
One other question: do you know a script that would automate the process of getting the tables and columns name? I know there is a commercial one called "SQL Injector" (http://www.spidynamics.com/products/Comp_Audit/toolkit/SQLinjector.html) but is there a open source one?
I think somebody had mentioned they had a script that can handle it. -- Jonathan Angliss <jon () netdork net>
Current thread:
- SQL Injection data retrieving?? Roland Despins (Sep 10)
- Re: SQL Injection data retrieving?? Jonathan Angliss (Sep 11)
- Re: SQL Injection data retrieving?? saphyr (Sep 12)
- Re: SQL Injection data retrieving?? nummish (Sep 11)
- Re: SQL Injection data retrieving?? Ben Timby (Sep 11)
- Re: SQL Injection data retrieving?? Adam Tuliper (Sep 11)
- Re: SQL Injection data retrieving?? Adam Tuliper (Sep 12)
- Re: SQL Injection data retrieving?? saphyr (Sep 12)
- <Possible follow-ups>
- Re: SQL Injection data retrieving?? Roland Despins (Sep 12)
- Re: SQL Injection data retrieving?? Jonathan Angliss (Sep 13)
- RE: SQL Injection data retrieving?? Mark McDonald (Sep 13)
- Re: SQL Injection data retrieving?? Roland Despins (Sep 13)
- Re: SQL Injection data retrieving?? Jonathan Angliss (Sep 15)
- RE: SQL Injection data retrieving?? Peter Harrison (Sep 16)
- Re: SQL Injection data retrieving?? Jonathan Angliss (Sep 15)
- RE: SQL Injection data retrieving?? Shields, Larry (Sep 18)
- Re: SQL Injection data retrieving?? Jonathan Angliss (Sep 11)