WebApp Sec mailing list archives

ORACLE SQL Injection Question

From: Mike Rauch <michaelraouch () yahoo com>
Date: Mon, 3 Nov 2003 06:57:31 -0800 (PST)

Hello,
I'm performing an assesment on one of our web
applications (black box type) and I came acrooss two
interesting error messages from an Oracle DB when I
supply a 'SELECT statement. The messages are:
 a)  ORA-00933 SQL Command not properly ended
 b)  ORA-00917 Missing comma

I tried various formats to form an SQL statment that
can be parsed but no success.

Does anyone can shed any light as to what I may be
able to try?

Thanks !

Mike 

__________________________________
Do you Yahoo!?
Exclusive Video Premiere - Britney Spears
http://launch.yahoo.com/promos/britneyspears/

Current thread:

ORACLE SQL Injection Question Mike Rauch (Nov 03)
- Re: ORACLE SQL Injection Question Cesar (Nov 04)
- <Possible follow-ups>
- Re: ORACLE SQL Injection Question Kenneth Duran (Nov 04)
- RE: ORACLE SQL Injection Question Pitts, Christopher C. (Nov 04)