Re: Oracle SQL Injection vulnerability

From: Joxean Koret (joxeankoret@yahoo.es)
Date: Mon Nov 19 2007 - 13:01:46 EST


Hi,

Yes, it appears to be vulnerable. Try, also, the following string:

'='' --

I found many times SQL commands construsted as follows:

SELECT * FROM users WHERE '<user_entered_value>' = user_name

Regards,
Joxean Koret

On lun, 2007-11-19 at 09:32 +0000, Attari Attari wrote:
> Hi Group,
>
> I'm doing a penetration test for a client on their web
> portal. When I give ' on the username field I was
> received with an error from the server:
>
> Unspecified error
> ORA-01756: quoted string not properly terminated
>
> Does that mean the site is vulnerable to SQL
> Injection? I tried ' OR 1=1-- and ' OR '1'='1'-- but I
> get same error message.
>
> Any help would be much appreciated.
>
> Clone
>
>
> Meet people who discuss and share your passions. Go to http://in.promos.yahoo.com/groups
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>


                
______________________________________________
LLama Gratis a cualquier PC del Mundo.
Llamadas a fijos y msviles desde 1 cintimo por minuto.
http://es.voice.yahoo.com




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:13 EDT