Re: SQL INJECTION - ORACLE

From: Kevin Spett (kspettat_private)
Date: Mon Dec 10 2001 - 15:51:43 PST


    First of all:
    > Input: ') from getpolicynumber -- "'"
    > Result:
    > Microsoft OLE DB Provider for ODBC Drivers error '80004005'
    >
    > [Microsoft][ODBC driver for Oracle][Oracle]ORA-04044: procedure, function,
    > package, or type is not allowed here
    There is no magical comment character in Oracle.  -- is only good in SQL
    Server.
    
    > [Microsoft][ODBC driver for Oracle][Oracle]ORA-06553: PLS-306: wrong number
    > or types of arguments in call to 'GETPOLICYNUMBER'
    Hmmm, looks like your input is going to a user defined stored procedure.
    That could mean that you're out of luck.
    
    Try seeing if using a subselect or a union works.  Here are some examples:
    Subselect: (SELECT blah FROM bleh WHERE 1=1)
    Union: ') UNION SELECT blah, blah, blah FROM bleh WHERE (''='
    
    I've got a paper on the way soon that'll go into detail on these things.
    
    
    Kevin Spett
    Czar of SQL Injection
    SPI Dynamics, Inc.
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/
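
The union input quoted in the message, shown against a string-concatenated query and against the same query with a bind parameter. This is an added example, not part of the original post; SQLite stands in for the Oracle back end, and the table names, column names and data are constructed.

```python
import sqlite3

# Input of the shape given in the message, with hypothetical names filled in.
UNION_INPUT = "') UNION SELECT pw_hash FROM staff WHERE (''='"


def make_db():
    # Constructed sample data; both tables are hypothetical.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE policies (holder TEXT, policy_no TEXT);
        CREATE TABLE staff (login TEXT, pw_hash TEXT);
        INSERT INTO policies VALUES ('alice', 'P-1001');
        INSERT INTO staff VALUES ('admin', 'constructed-hash');
    """)
    return db


def lookup_concat(db, holder):
    # Vulnerable: the input is pasted between (' and '), so a quote and a
    # closing parenthesis in the input end the literal and the predicate,
    # and the rest of the input is parsed as SQL.
    sql = "SELECT policy_no FROM policies WHERE (holder = '" + holder + "')"
    return [row[0] for row in db.execute(sql)]


def lookup_bound(db, holder):
    # Hardened: the value is sent as a bind parameter and compared as data;
    # it never reaches the SQL parser.
    sql = "SELECT policy_no FROM policies WHERE (holder = ?)"
    return [row[0] for row in db.execute(sql, (holder,))]


if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concat, lookup_bound):
        print(fn.__name__, fn(db, "alice"), fn(db, UNION_INPUT))
```
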
    



    This archive was generated by hypermail 2b30 : Mon Dec 10 2001 - 15:40:19 PST