hola, thats dependend heavily on the interface the web-app uses! as an example .. (ODBC+MSSQL+PHP) does not recognize comments .. did you try out a NULL-BYTE[\000] ? if it is not possible to premature cut-off the query .. i d recommand combining the original query with UNION and SUBSELECT-Statements .. you said: >Hi, >I am currently testing SQL injection with a web application and MS Access >database. I have some difficulties as I do not knowing the comment >character >for Access Database. cu rC securityat_private http://www.freefly.com/security/ _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu Nov 29 2001 - 17:28:59 PST