|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 103
Members: 0
Total: 103
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
MS SQL Problem |
|
Posted: Mon Apr 12, 2010 1:47 pm |
|
|
absorb |
Regular user |
|
|
Joined: May 06, 2009 |
Posts: 14 |
|
|
|
|
|
|
|
Hi, so I'm stuck at some point with MS SQL Injection. I started with adding ' at the end as usual. Site didn't change. Next I changed: the ?id=1' to ?id=-1'
Some values dissapeared, so it's a good sign (I think), added UNION ALL SELECT 1,2-- and got an error.
Then I used my own program to check the columns - 197 and the error was gone, but i got spammed with them all -_-. After changing some column number (for example with @@VERSION) the site still displays lots of data from the database but nothing changes. Tried with 196 columns = error, 197 and up = no error. Why I don't get and error with more than 197? I tried to add "+" between everything and it killed the "Syntax error" error... If anyone have any idea or questions - just ask and I'll post more pics or something. Thanks |
|
|
|
|
Posted: Mon Apr 12, 2010 5:41 pm |
|
|
VERTIGO |
Advanced user |
|
|
Joined: Sep 25, 2008 |
Posts: 87 |
|
|
|
|
|
|
|
|
|
|
|
Posted: Tue Apr 13, 2010 5:25 pm |
|
|
vince213333 |
Advanced user |
|
|
Joined: Aug 03, 2009 |
Posts: 737 |
Location: Belgium |
|
|
|
|
|
|
Hey absorb,
VERTIGO has pm'ed me the url.
I'm afraid SQLi isn't possible on this one.
As it turns out, mssql tries to convert the parameter to an integer, which is offcourse impossible if you add text to the parameter...
I think you won't be possible to exploit this one, or at least I can't. |
|
|
|
|
Posted: Tue Apr 13, 2010 6:18 pm |
|
|
absorb |
Regular user |
|
|
Joined: May 06, 2009 |
Posts: 14 |
|
|
|
|
|
|
|
K, thanks for the help guys.
PS. Actually a guy on hackforums PM'ed me some table.column values :O So it's maybe possible |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|