Network Security: Detailed info on RE: SQL injection

Subject:	RE: SQL injection
Date:	Wed, 19 Jan 2005 02:07:47 -0700

Quite a bit of damage could be done. If you have the patience, you can
map out every table/field in the database using a series of JOINS if I
remember correctly. You could then save a dump of all the data in that
database.  

John McGuire
BlackLight Systems


-----Original Message-----
I have just discovered that I can successfully inject the following SQL:

' OR 1=1; --

into the Username field of a logon form on a "secure" site in my
corporate network (Windows 2000, SQL 7.0).  When I do this, leaving the
password field blank, I am logged into the system as the first user in
the "Users" table in the DB which is being authenticated against.  LOL.

If I can get that far, can't I theoretically:

' OR 1=1; DELETE Users; --

or something similar?  Couldn't I EXEC some system sprocs this way too? 
How much damage/rooting can be done here?  I need to present a detailed
report to the admins.

<Prev in Thread]	Current Thread	[Next in Thread>
SQL injection, Francesco Re: SQL injection, James Riden Re: SQL injection, Josh Zlatin-Amishav RE: SQL injection, John McGuire <= Re: SQL injection, exon Re: SQL injection, Serg Belokamen Re: SQL injection, Cory Foy Re: SQL injection, nummish

Previous by Date:	Re: SQL injection, Josh Zlatin-Amishav
Next by Date:	Re: Proposal to anti-phishing, exon
Previous by Thread:	Re: SQL injection, Josh Zlatin-Amishav
Next by Thread:	Re: SQL injection, exon
Indexes:	[Date] [Thread] [Top] [All Lists]