WebApp Sec mailing list archives
Re: Is this expoitable via sql injection?
From: Rogan Dawes <discard () dawes za net>
Date: Fri, 14 Jan 2005 16:46:15 +0100
Nils Gundelach wrote:
Hi, i get the following error if i use foo"bar as username on a friends page:You have an error in your SQL syntax near 'bar$" AND `password` = '5f4dcc3b5aa765d61d8327deb882cf99'' at line 3] ( 1064 : You have an error in your SQL syntax near 'bar$" AND `password` = '5f4dcc3b5aa765d61d8327deb882cf99'' at line 3 )foo'bar does nothing. The password field is immune to injects with double quotes.I think it is not exploitable, but i'm not an sql expert. Regards, Nils
I'd guess that your query looks something like: query = 'SELECT * FROM XXX WHERE USERNAME = "' + username + '}$"';I'm not sure which of the password fields you supplied, but it does not look right in the error message. One field should not have any quotes around it, I think?
Nonetheless, from the first part, we should still be able to inject SQL, using something like:
username = 'foo$"--' // if you want to get access to user fooI add the '$' into the username, as it appears that the script does so itself. Maybe the database is structured something like:
username$, MD5(Password) Maybe I'm reading your error message wrong, though. Regards, Rogan -- Rogan Dawes *ALL* messages to discard () dawes za net will be dropped, and added to my blacklist. Please respond to "lists AT dawes DOT za DOT net"
Current thread:
- Is this expoitable via sql injection? Nils Gundelach (Jan 14)
- Re: Is this expoitable via sql injection? Rogan Dawes (Jan 15)
- Re: Is this expoitable via sql injection? Nils Gundelach (Jan 16)
- Exploits from command line? Benjamin Livshits (Jan 19)
- Re: Exploits from command line? Antoine Martin (Jan 23)
- Re: Is this expoitable via sql injection? Nils Gundelach (Jan 16)
- Re: Is this expoitable via sql injection? Rogan Dawes (Jan 15)