WebApp Sec mailing list archives
yet another injection question
From: "ronen" <ronen () avnet co il>
Date: Tue, 15 Apr 2003 09:48:47 +0200
Hello all, While pen testing a web application, and bypassing the authentication using a basic injection, I've tried to add a user to the database through a built-in form. However, when sending the URL, I received the follows: [Microsoft][ODBC SQL Server Driver][SQL Server]Cannot insert the value NULL into column 'FOO', table 'BAR'; column does not allow nulls. INSERT fails. The request URL has a field named 'FOO', and I explicitly inserted a value to that field. I was logged in with a privileged user (seems to have the highest privileges available ). Any idea what's the reason for the mentioned ODBC error. BTW, the system is a 'Microsoft SQL Server 7.00 - 7.00.1063' running on Windows NT 5.0 (Build 2195: Service Pack 3). Thanking you all in advance. Ronen
Current thread:
- yet another injection question ronen (Apr 15)
- Re: yet another injection question Kevin Spett (Apr 15)
- <Possible follow-ups>
- RE: yet another injection question Jacob Hurley (Apr 15)
- RE: yet another injection question ronen (Apr 15)
- RE: yet another injection question David Cameron (Apr 15)