WebApp Sec mailing list archives
Re: Is this expoitable via sql injection?
From: Nils Gundelach <nils () darktec org>
Date: Sun, 16 Jan 2005 14:49:28 +0100
Hi, i can't test your suggestions because he fixed the bug. Thanks for help! I'll keep that in mind. Regards, Nils Rogan Dawes wrote:
I'd guess that your query looks something like: query = 'SELECT * FROM XXX WHERE USERNAME = "' + username + '}$"';I'm not sure which of the password fields you supplied, but it does not look right in the error message. One field should not have any quotes around it, I think?Nonetheless, from the first part, we should still be able to inject SQL, using something like:username = 'foo$"--' // if you want to get access to user fooI add the '$' into the username, as it appears that the script does so itself. Maybe the database is structured something like:username$, MD5(Password) Maybe I'm reading your error message wrong, though. Regards, Rogan
Current thread:
- Is this expoitable via sql injection? Nils Gundelach (Jan 14)
- Re: Is this expoitable via sql injection? Rogan Dawes (Jan 15)
- Re: Is this expoitable via sql injection? Nils Gundelach (Jan 16)
- Exploits from command line? Benjamin Livshits (Jan 19)
- Re: Exploits from command line? Antoine Martin (Jan 23)
- Re: Is this expoitable via sql injection? Nils Gundelach (Jan 16)
- Re: Is this expoitable via sql injection? Rogan Dawes (Jan 15)