WebApp Sec mailing list archives

Re: about oracle sql injection

From: Mariusz Pękala <skoot () qi pl>
Date: Wed, 30 Nov 2005 09:45:55 +0100

On 2005-11-29 15:58:14 -0000 (Tue, Nov), limor188 () walla co il wrote:

2)Is there anyway to get information out of the db without knowing the column types?


Maybe NULLs will pass?

-- 
No virus found in this outgoing message.
Checked by 'grep -i virus $MESSAGE'
Trust me.

Attachment: _bin
Description:

Current thread:

about oracle sql injection limor188 (Nov 29)
- Re: about oracle sql injection Mariusz Pękala (Nov 30)
  - Re: about oracle sql injection Javier Fernandez-Sanguino (Dec 01)
- Re: about oracle sql injection Richard Moore (Dec 01)
- <Possible follow-ups>
- RE: about oracle sql injection LAROUCHE Francois (Dec 01)
  - Re: about oracle sql injection Javier Fernandez-Sanguino (Dec 02)
- Re: Re: about oracle sql injection limor188 (Dec 05)
- RE: Re: about oracle sql injection LAROUCHE Francois (Dec 06)
- RE: RE: Re: about oracle sql injection LAROUCHE Francois (Dec 07)
- Re: RE: Re: about oracle sql injection limor188 (Dec 07)