sql injection - missed it at bh/defcon

From: nemo latin (nemo_oldat_private)
Date: Tue Aug 07 2001 - 12:04:10 PDT

  • Next message: Gary O'leary-Steele: "buffer overflows"

    I missed the SQL injection talks at bh/defcon - must
    have been my fault - I was told that they were good
    presentations.  However I did see in the CD a glimpse
    of some injection techniques that I tried to follow as
    I have a internal WEB app that has the following
    iis 4.0 (with all patches) - I even tried the old %2e
    asp display the source code and and all variants of
    the showcode.asp !  darn those security conscious
    admins !
    input screen is javascript with a form - I can view
    the input page to see the script !
    form requires 2 inputs
    login & password
    placing a  '  in the login box produces the following
    Microsoft OLE DB Provider for ODBC Drivers error
    [Microsoft][ODBC SQL Server Driver][SQL
    Server]Unclosed quote before the character string '''.
    /Login.asp, line 73 
    They must not be screening out the  '  and thanks to
    the error messages I know that the result is going to
    be passed to an SQl server.  What next ??
    I tried
    in the login box and  & got a message saying that the
    login name was not found
    I tried
    login name =   valid name
    with a password of
     union select * from users where admin=1
    and the message sez the password is wrong for the
    I also tried
     union select * from users where admin=1
    in the login field and received a message saying that
    the login was longer than 7 characters
    Perhaps I am missing some intermediate step(s) ??
    Any suggestions ??
    Do You Yahoo!?
    Make international calls for as low as $.04/minute with Yahoo! Messenger
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:

    This archive was generated by hypermail 2b30 : Tue Aug 07 2001 - 15:18:55 PDT