WebApp Sec mailing list archives
sql comment in access
From: Robin Wood <dninja () gmail com>
Date: Fri, 20 Jan 2006 19:42:26 +0000
Hi I'm trying to get sql injection working against a access db. I've tried the standard -- as a comment and I've also tried %0A and %0D with no luck. Can anyone suggest any other ways to comment out the rest of the statement? Example: select * from login where username='inject here' and password='inject here as well' In MSSQL I would replace inject here with: ' or 1=1 -- what can I do in access? Robin ------------------------------------------------------------------------- This List Sponsored by: Watchfire Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download AppScan 6.0 today. https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh --------------------------------------------------------------------------
Current thread:
- sql comment in access Robin Wood (Jan 20)
- Re: sql comment in access John Bond (Jan 23)
- Message not available
- Re: sql comment in access John Bond (Jan 23)
- Message not available
- Re: sql comment in access John Bond (Jan 23)
- <Possible follow-ups>
- sql comment in access Robin Wood (Jan 21)
- Re: sql comment in access Chuck (Jan 22)
- RE: sql comment in access Mark Atherton (Jan 23)
- Re: sql comment in access Robin Wood (Jan 23)