RE: Oracle URL SQL Injection issue

From: Thakrar, Saurabh (saurabh.thakrar@roche.com)
Date: Fri Jan 18 2008 - 13:37:25 EST

• Next message: Bipin Upadhyay: "Re: http TRACE option"
• Previous message: Danux: "Re: Oracle URL SQL Injection issue"
• In reply to: Clone: "Oracle URL SQL Injection issue"
• Next in thread: David Howe: "Re: Oracle URL SQL Injection issue"
• Reply: David Howe: "Re: Oracle URL SQL Injection issue"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Try using NetCat, add on tool on Firefox for SQL Injections...

--
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Clone
Sent: Thursday, January 17, 2008 7:21 PM
To: pen-test@securityfocus.com
Subject: Oracle URL SQL Injection issue
Hey List
I am pen testing a web app that supplies sql
parameters on the URL something like
http://x.y.z.a/item.php?Id=90
I did blind sql injection by adding AND 1=1 to confirm
the vulnerability.
Now when I do
http://x.y.z.a/item.php?Id=90'
I get 
ociparse() [function.ociparse]: OCIParse: ORA-01756:
quoted string not properly terminated in item.php on
line 312
Then I tried (after confirming presence of usr table
name)
http://x.y.z.a/item.php?Id=90%20UNION%20SELECT%20*%20from%20usr;--
and I get the error
ociexecute() [function.ociexecute]: OCIStmtExecute:
ORA-01789: query block has incorrect number of result
columns in dbs.inc on line 44
I know one valid user account in the oracle DB.
Any idea what's the best strategy to move forward?
I'm not getting any further from here so far.
Any advise / helpo would be much appreciated.
Cheers'
      5, 50, 500, 5000 - Store N number of mails in your inbox. Go to
http://help.yahoo.com/l/in/yahoo/mail/yahoomail/tools/tools-08.html
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------

• Next message: Bipin Upadhyay: "Re: http TRACE option"
• Previous message: Danux: "Re: Oracle URL SQL Injection issue"
• In reply to: Clone: "Oracle URL SQL Injection issue"
• Next in thread: David Howe: "Re: Oracle URL SQL Injection issue"
• Reply: David Howe: "Re: Oracle URL SQL Injection issue"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:20 EDT