Penetration Testing mailing list archives
Re: SQL
From: root <root@localhost.localdomain>
Date: Tue, 20 Nov 2001 05:36:04 +0600
You can sql inject that form. To see more on these attacks check http://www.sqlsecurity.com/faq-inj.asp http://www.silksoft.co.za/data/sqlinjectionattack.htm -- jacg El Lun 19 Nov 2001 22:24, escribiste:
Hello all, I am doing a pen test against a IIS 5 web server. The web server requires a user name and password via a logon form. if a single quote character is entered (username)the following error is produced [Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string '' and password=''. I remember reading somewhere that this can be used to gain further access? but i cant find the info. Can any one help? Thanks in advance. Gary --------------------------------------------------------------------------- - This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/