WebApp Sec mailing list archives
Re: Simple to exploit SQL Injection ?
From: "bryan allott" <homegrown () bryanallott net>
Date: Mon, 28 Nov 2005 21:42:44 +0200
just a by-the-by... although not a successful SQL injection attack, the error message you're receiving as a public user already tell you a little about their database... Probably not too much to go with, but a better exception message would have been: "Invalid credentials" or something equally generic and less revealing.so probably also be on the lookout for other places where more information is displayed than usual.. other famous .Net parser and other jit compile errors tell u quite a bit about the filesystem :)
----- Original Message ----- From: "Jason binger" <cisspstudy () yahoo com>
To: <webappsec () securityfocus com> Sent: Monday, November 28, 2005 2:49 AM Subject: Simple to exploit SQL Injection ? I am reviewing a .Net web application. When entering xyz for a username and ' for a password into a form I receive the following stack trace (extract): System.Exception: Can't Load DataReader using SQL string: 'SELECT * FROM users WHERE username = 'xyz' AND password = '''' -- Unclosed quotation mark before the character string '''. Line 1: Incorrect syntax near '''. Now I would have thought this would be easy to exploit, but I can't bypass the logon page. xyz is a valid username. Any ideas? Cheers __________________________________ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.362 / Virus Database: 267.13.8/184 - Release Date: 27-Nov-05
Current thread:
- Simple to exploit SQL Injection ? Jason binger (Nov 28)
- Re: Simple to exploit SQL Injection ? Eoin Keary (Nov 28)
- Re: Simple to exploit SQL Injection ? Yousef Syed (Nov 28)
- RE: Simple to exploit SQL Injection ? Rich Bergmann (Nov 28)
- Re: Simple to exploit SQL Injection ? Dean H. Saxe (Nov 29)
- RE: Simple to exploit SQL Injection ? Victor Chapela (Nov 29)
- Re: Simple to exploit SQL Injection ? bryan allott (Nov 29)
- <Possible follow-ups>
- RE: Simple to exploit SQL Injection ? Haaland, Vegar Linge (Nov 28)
- RE: Simple to exploit SQL Injection ? Pilon Mntry (Nov 29)
- RE: Simple to exploit SQL Injection ? Griffiths, Ian (Nov 28)
- RE: Simple to exploit SQL Injection ? LAROUCHE Francois (Nov 29)
- RE: Simple to exploit SQL Injection ? Matt Fisher (Nov 30)