WebApp Sec mailing list archives
Re: Simple to exploit SQL Injection ?
From: "Dean H. Saxe" <dean () fullfrontalnerdity com>
Date: Mon, 28 Nov 2005 15:55:25 -0500
Actually, it is not escaped; if it was, the error would never occur. What you are seeing is the opening single quote from the query, the single quote passed by the user, the closing single quote from the query and a final single quote from the error message. ;-)
-dhs

Dean H. Saxe, CEH
dean () fullfrontalnerdity com

"What difference does it make to the dead, the orphans, and the homeless, whether the mad destruction is wrought under the name of totalitarianism or the holy name of liberty and democracy?"
--Gandhi

On Nov 28, 2005, at 8:11 AM, Rich Bergmann wrote:

The application is apparently "escaping" (doubling-up) quotes in the password field. This is good practice, although a better (best?) practice would be to parameterize the query.

AFAIK, SQL injection on this form will be difficult, if not impossible.

-----Original Message-----
From: Jason binger [mailto:cisspstudy () yahoo com]
Sent: Sunday, November 27, 2005 7:50 PM
To: webappsec () securityfocus com
Subject: Simple to exploit SQL Injection ?

I am reviewing a .Net web application. When entering xyz for a username and ' for a password into a form I receive the following stack trace (extract):

System.Exception: Can't Load DataReader using SQL string: 'SELECT * FROM users WHERE username = 'xyz' AND password = '''' -- Unclosed quotation mark before the character string '''. Line 1: Incorrect syntax near '''.

Now I would have thought this would be easy to exploit, but I can't bypass the logon page. xyz is a valid username.

Any ideas?

Cheers
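The quote counting discussed in this message, as an added example that is not part of the original thread: it builds the query once by plain concatenation and once with quotes doubled, shows how each would look inside the error message's own pair of quotes, and compares both with a parameterized query. SQLite stands in for the application's database, and the table contents and function names are constructed for illustration.

```python
import sqlite3

TEMPLATE = "SELECT * FROM users WHERE username = '{u}' AND password = '{p}'"

def make_db():
    """In-memory database with one constructed user row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('xyz', 'constructed-password')")
    return db

def concatenated(username, password):
    """Query built as the stack trace implies: input pasted in unchanged."""
    return TEMPLATE.format(u=username, p=password)

def doubled(username, password):
    """Query as it would look if quotes really were doubled up."""
    esc = lambda s: s.replace("'", "''")
    return TEMPLATE.format(u=esc(username), p=esc(password))

def as_logged(sql):
    """The error message wraps the SQL string in its own pair of quotes."""
    return "'" + sql + "'"

def outcome(db, sql):
    """Return 'syntax error' if the statement does not parse, else the row count."""
    try:
        return len(db.execute(sql).fetchall())
    except sqlite3.OperationalError:
        return "syntax error"

def login_parameterized(db, username, password):
    """Bound parameters: the input is never parsed as SQL text."""
    cur = db.execute(
        "SELECT * FROM users WHERE username = ? AND password = ?",
        (username, password))
    return len(cur.fetchall())

if __name__ == "__main__":
    db = make_db()
    for build in (concatenated, doubled):
        sql = build("xyz", "'")
        # Show the tail of the logged string and what the database does with it.
        print(build.__name__, as_logged(sql)[-7:], outcome(db, sql))
    print("parameterized", login_parameterized(db, "xyz", "'"))
```

The concatenated query ends in four quotes once logged and fails to parse, which matches the stack trace; a doubled quote would log five and run cleanly with no match.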