WebApp Sec mailing list archives
RE: SQL Injection data retrieving??
From: "Mark McDonald" <m.mcdonald () cgl com au>
Date: Mon, 13 Sep 2004 14:10:26 +0800
I think he meant: does the __big_field column in the sysobjects table hold the name of the databases stored within -----Original Message----- From: Adam Tuliper [mailto:amt () gecko-software com] Sent: Sunday, 12 September 2004 9:48 PM To: webappsec () securityfocus com Subject: Re: SQL Injection data retrieving?? if it is your app as you said, wouldnt you then know if:
I assume that "__big_field" is the name of the databse? Right?
was indeed your own application's db name? : ) On Fri, 10 Sep 2004 10:44:58 -0400 "Adam Tuliper" <amt () gecko-software com> wrote:
If I read this right.. you are first testing against your own application before the pentest, right? On 10 Sep 2004 12:06:56 -0000 Roland Despins <roland2004 () romandie com> wrote:Hi, I'm practicing myself for a pentest. I'm trying to retrieve datas from a DB using some SQL injections. From now I asume that my WebApp is vulnerable to SQLinjections.
--- 8< --- snip --- 8< --- *** DISCLAIMER **** This e-mail and any attachments to it are confidential. If you receive them in error, please tell us immediately and delete them. You must not retain, distribute, disclose or otherwise use any information contained in them. Before opening or using any attachments with this e-mail you should check them for viruses and other defects. The sender does not warrant that they will be free from computer viruses or other defects. *******************
Current thread:
- SQL Injection data retrieving?? Roland Despins (Sep 10)
- Re: SQL Injection data retrieving?? Jonathan Angliss (Sep 11)
- Re: SQL Injection data retrieving?? saphyr (Sep 12)
- Re: SQL Injection data retrieving?? nummish (Sep 11)
- Re: SQL Injection data retrieving?? Ben Timby (Sep 11)
- Re: SQL Injection data retrieving?? Adam Tuliper (Sep 11)
- Re: SQL Injection data retrieving?? Adam Tuliper (Sep 12)
- Re: SQL Injection data retrieving?? saphyr (Sep 12)
- <Possible follow-ups>
- Re: SQL Injection data retrieving?? Roland Despins (Sep 12)
- Re: SQL Injection data retrieving?? Jonathan Angliss (Sep 13)
- RE: SQL Injection data retrieving?? Mark McDonald (Sep 13)
- Re: SQL Injection data retrieving?? Roland Despins (Sep 13)
- Re: SQL Injection data retrieving?? Jonathan Angliss (Sep 15)
- RE: SQL Injection data retrieving?? Peter Harrison (Sep 16)
- Re: SQL Injection data retrieving?? Jonathan Angliss (Sep 15)
- RE: SQL Injection data retrieving?? Shields, Larry (Sep 18)
- Re: SQL Injection data retrieving?? Jonathan Angliss (Sep 11)