WebApp Sec mailing list archives
Re: about oracle sql injection
From: Mariusz Pękala <skoot () qi pl>
Date: Wed, 30 Nov 2005 09:45:55 +0100
On 2005-11-29 15:58:14 -0000 (Tue, Nov), limor188 () walla co il wrote:
2)Is there anyway to get information out of the db without knowing the column types?
Maybe NULLs will pass? -- No virus found in this outgoing message. Checked by 'grep -i virus $MESSAGE' Trust me.
Attachment:
_bin
Description:
Current thread:
- about oracle sql injection limor188 (Nov 29)
- Re: about oracle sql injection Mariusz Pękala (Nov 30)
- Re: about oracle sql injection Javier Fernandez-Sanguino (Dec 01)
- Re: about oracle sql injection Richard Moore (Dec 01)
- <Possible follow-ups>
- RE: about oracle sql injection LAROUCHE Francois (Dec 01)
- Re: about oracle sql injection Javier Fernandez-Sanguino (Dec 02)
- Re: Re: about oracle sql injection limor188 (Dec 05)
- RE: Re: about oracle sql injection LAROUCHE Francois (Dec 06)
- RE: RE: Re: about oracle sql injection LAROUCHE Francois (Dec 07)
- Re: RE: Re: about oracle sql injection limor188 (Dec 07)
- Re: about oracle sql injection Mariusz Pękala (Nov 30)