Penetration Testing mailing list archives

SQL


From: "Gary O'leary-Steele" <GaryO () sec-1 com>
Date: Mon, 19 Nov 2001 16:24:08 -0000

Hello all,


I am doing a pen test against an IIS 5 web server. The web server requires a
user name and password via a logon form. If a single quote character is
entered (username), the following error is produced:

[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark
before the character string '' and password=''.

I remember reading somewhere that this can be used to gain further access?
But I can't find the info.

Can anyone help?

Thanks in advance.

Gary
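
Added example, not part of the original post: a sketch of why a lone single quote produces that kind of driver error, with the parameterized form that removes it. It assumes the logon query is built by string concatenation in the shape the error fragment suggests; SQLite stands in for SQL Server (so the error text differs), and the table, column and function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    # Plaintext password only to keep the sketch short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("o'brien", "s3cret-sample"))
    return db

def login_concatenated(db, username, password):
    """Builds the statement by string concatenation (the assumed pattern)."""
    sql = ("SELECT COUNT(*) FROM users WHERE username='" + username +
           "' and password='" + password + "'")
    try:
        return db.execute(sql).fetchone()[0] == 1, None
    except sqlite3.Error as exc:
        # Handing the driver text back to the client is what reveals
        # the query shape in the error shown in the post.
        return False, str(exc)

def login_parameterized(db, username, password):
    """Input is bound as data, so a quote never reaches the SQL parser."""
    sql = "SELECT COUNT(*) FROM users WHERE username=? AND password=?"
    try:
        return db.execute(sql, (username, password)).fetchone()[0] == 1, None
    except sqlite3.Error:
        # Log details server-side; the client gets a generic message only.
        return False, "login failed"

if __name__ == "__main__":
    db = make_db()
    # The lone quote from the post: parser error in the concatenated form.
    print(login_concatenated(db, "'", ""))
    # A legitimate user whose name contains a quote is broken too.
    print(login_concatenated(db, "o'brien", "s3cret-sample"))
    # Bound parameters: no error for the quote, and the real user logs in.
    print(login_parameterized(db, "'", ""))
    print(login_parameterized(db, "o'brien", "s3cret-sample"))
```
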

