Re: sql comment in access

[Chuck <chuck.lists () gmail com>]

I don't remember the specifics of MS Access SQL, but a good place to
look and practice is with OWASP's WebGoat.  It uses a MS Access
backend when the server is run on Windows.

If you don't want to install it, you may be able to learn something
from browsing the source code and hints for the SQL injection lessons
at:

http://cvs.sourceforge.net/viewcvs.py/owasp/webgoat/src/lessons/

Good luck.

Chuck

On 1/19/06, Robin Wood <dninja () gmail com> wrote:
> Hi
> I'm trying to get sql injection working against a access db. I've
> tried the standard -- as a comment and I've also tried %0A and $0D
> with no luck. Can anyone suggest any other ways to comment out the
> rest of the statement?
>
> Robin
>
> -------------------------------------------------------------------------
> This List Sponsored by: Watchfire
>
> Watchfire's AppScan is the industry's first and leading web application
> security testing suite, and the only solution to provide comprehensive
> remediation tasks at every level of the application. See for yourself.
> Download AppScan 6.0 today.
>
> https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
> --------------------------------------------------------------------------

-------------------------------------------------------------------------
This List Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. See for yourself.
Download AppScan 6.0 today.

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
--------------------------------------------------------------------------