WebApp Sec mailing list archives
Re: SQL injection
From: exon <exon () home se>
Date: Wed, 19 Jan 2005 10:11:05 +0100
Francesco wrote:
> I have just discovered that I can successfully inject the following SQL:
>
> ' OR 1=1; --
>
> into the Username field of a logon form on a "secure" site in my corporate network (Windows 2000, SQL 7.0). When I do this, leaving the password field blank, I am logged into the system as the first user in the "Users" table in the DB which is being authenticated against. LOL.
>
> If I can get that far, can't I theoretically:
>
> ' OR 1=1; DELETE Users; --

With proper SQL, yes (the above is not).

> or something similar? Couldn't I EXEC some system sprocs this way too?

Not normally, no.

> How much damage/rooting can be done here?

No rooting, but you should be able to create a privileged account for yourself or update the password of some other user so you can use that. Google for SQL injections. You should find about 20000 pages.

> I need to present a detailed report to the admins.

Yeah, right.

> Thanks,
> Francesco
>
> Francesco Sanfilippo
> -------------------------------------------
> Blackcoil Productions - http://blackcoil.com
> URL123 Link Service - http://url123.com