WebApp Sec mailing list archives
SQL injection
From: "Francesco" <francesco () blackcoil com>
Date: Sun, 16 Jan 2005 22:33:50 -0800
I have just discovered that I can successfully inject the following SQL: ' OR 1=1; -- into the Username field of a logon form on a "secure" site in my corporate network (Windows 2000, SQL 7.0). When I do this, leaving the password field blank, I am logged into the system as the first user in the "Users" table in the DB which is being authenticated against. LOL. If I can get that far, can't I theoretically: ' OR 1=1; DELETE Users; -- or something similar? Couldn't I EXEC some system sprocs this way too? How much damage/rooting can be done here? I need to present a detailed report to the admins. Thanks, Francesco Francesco Sanfilippo ------------------------------------------- Blackcoil Productions - http://blackcoil.com URL123 Link Service - http://url123.com
Current thread:
- SQL injection Francesco (Jan 19)
- Re: SQL injection James Riden (Jan 23)
- Re: SQL injection Josh Zlatin-Amishav (Jan 23)
- RE: SQL injection John McGuire (Jan 23)
- Re: SQL injection exon (Jan 23)
- Re: SQL injection Serg Belokamen (Jan 23)
- Re: SQL injection Cory Foy (Jan 23)
- Re: SQL injection nummish (Jan 23)