Re: SQL Injection - data ntext,image cannot group by....

From: Kevin Spett (kspettat_private)
Date: Wed Mar 20 2002 - 18:58:28 PST

Next message: Fernando Cardoso: "RE: SMB-Link in Lotus Notes"

Previous message: mel: "SQL Injection - retrieving all rows"
In reply to: Sony Arianto Kurniawan: "SQL Injection - data ntext,image cannot group by...."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Try the convert hack if it's SQL Server.  Make your injection string
something like this:
    convert(int, (convert(varchar, (SELECT TOP 1 name FROM sysobjects WHERE
xtype='U'))))
You should get back an error message that contains the first name in
sysobjects.

Again, if it's SQL Server, you can inject procedures.  Try injecting
sp_makewebtask, which has been discussed on this list twice in the last week
I think.

You also might want to include in your report that (in theory) they may get
a slight performance increase by using type ntext instead of text.  The text
data type is really there to just include extra information that isn't
supposed to be used in applications often (or at least that's my
understanding of it.)


Kevin Spett
SPI Dynamics, Inc.

----- Original Message -----
From: "Sony Arianto Kurniawan" <sony-akat_private>
To: <pen-testat_private>
Sent: Tuesday, March 19, 2002 8:39 AM
Subject: SQL Injection - data ntext,image cannot group by....


> Dear pen tester,
> I'm interested in SQL injection. I try to know the table structure using '
> having 1=1 --  and ' group by [table_name].[field_name]   to enumerate the
> fields.
> But the table contains field with text or image type. I can't use group by
> and I can't continue the injection :( Is there any method to address this
> problem?
> Thanks.
>
> Sony AK
> http://www.aritechdev.com/
>
>
> --------------------------------------------------------------------------
--
> This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please
see:
> https://alerts.securityfocus.com/
>
>


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Fernando Cardoso: "RE: SMB-Link in Lotus Notes"
Previous message: mel: "SQL Injection - retrieving all rows"
In reply to: Sony Arianto Kurniawan: "SQL Injection - data ntext,image cannot group by...."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Mar 21 2002 - 08:26:56 PST