WebApp Sec mailing list archives
RE: SQL Injection data retrieving??
From: "Shields, Larry" <Larry.Shields () FMR COM>
Date: Wed, 15 Sep 2004 11:07:49 -0400
Just use blind SQL injection techniques documented in various whitepapers on the topic to grab the data field within an AND, use substring to grab a single letter, then do comparisons that return true or false to see if it's greater than the letter 'm' or not. If the page returns normally, you've got a true condition, if it fails, you've got a false condition. Adjust your letter and continue until you have it. Even if you can't return the entire field somewhere on the page, you can use this technique to pull the data out (even if it's slow until you automate the process).

See http://www.spidynamics.com/whitepapers/Blind_SQLInjection.pdf for an example.

-Larry

-----Original Message-----
From: Jonathan Angliss [mailto:jon () netdork net]
Sent: Tuesday, September 14, 2004 4:29 PM
To: Roland Despins
Cc: webappsec () securityfocus com
Subject: Re: SQL Injection data retrieving??

Hi Roland,

Monday, September 13, 2004, 1:26:47 AM, you wrote:

> our application is vulnerable to SQL injection and I'm trying to build some sort of "exploit" in order to show them how simple it is to get data out of our database! So they might consider security from another
> point of view...

Extracting data is just one point of an exploit... you can always destroy the data, or modify it so it is unusable. They might be more influenced towards a more secure setup when all their data becomes corrupt and unusable, or even worse, missing.

--
Jonathan Angliss (jon () netdork net)
I am Drunk of Borg. Resistance is floor tile!
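
A defender-side view of the true/false probing described in this message, as an added example that is not part of the original thread: a small detector that flags a client repeating substring-comparison requests that differ only in the compared letter or offset. The log layout, the `/item` path, the `name` column, the threshold and the addresses are all constructed assumptions for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# A boolean operator followed by a substring call whose result is compared.
PROBE = re.compile(
    r"\b(?:and|or)\b.*\b(?:substring|substr|mid)\s*\(.*\)\s*[<>=]", re.I | re.S
)

def shape(value):
    """Collapse literals so probes differing only in letter/offset look alike."""
    value = re.sub(r"'[^']*'", "'?'", value.lower())
    return re.sub(r"\d+", "N", value)

def find_blind_sqli(log, threshold=3):
    """Return {(client, path, param, shape): count} for repeated probes.

    One odd request is noise; the same shape repeated by one client with
    only the literal changing is the letter-by-letter pattern.
    """
    hits = Counter()
    for client, url in log:
        parts = urlsplit(url)
        for param, value in parse_qsl(parts.query, keep_blank_values=True):
            if PROBE.search(value):
                hits[(client, parts.path, param, shape(value))] += 1
    return {key: n for key, n in hits.items() if n >= threshold}

# Constructed sample: (client address, request URL). Not real traffic.
SAMPLE_LOG = [
    ("198.51.100.20", "/item?id=5"),
    ("198.51.100.20", "/search?q=sand+and+gravel"),
    ("203.0.113.7", "/item?id=5+AND+SUBSTRING(name,1,1)%3E%27m%27"),
    ("203.0.113.7", "/item?id=5+AND+SUBSTRING(name,1,1)%3E%27s%27"),
    ("203.0.113.7", "/item?id=5+AND+SUBSTRING(name,1,1)%3E%27p%27"),
    ("203.0.113.7", "/item?id=5+AND+SUBSTRING(name,2,1)%3E%27m%27"),
    ("198.51.100.33", "/search?q=substring(x,1,2)+%3E+3+and+more"),
]

if __name__ == "__main__":
    for key, count in find_blind_sqli(SAMPLE_LOG).items():
        print(count, key)
```

Pattern matching like this is a detection aid only; the fix for the underlying flaw is to bind user input as query parameters so it is never parsed as SQL.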