SQL Security Forums
Subject: retrieving int value

Author Messages
ddk (guest)

10/10/2006 10:15 AM
Hello!
I've made a script in ASP intentionally vulnerable to a SQL inj so I could learn from it. The problem is, I don't know how to retrieve data from a column that contains numeric values.
The login page asks for user id (a number from 0 to 2000) and the password. There are many columns in the table where "userid" and "password" are, such as full name, dob, etc.

What I'm trying to do is this (in the userid text field):
' UNION SELECT TOP 1 1,2,3,4,userid FROM members--

But nothing happens; I think that's because the SQL query is being correctly evaluated.


Thanks in advance

Chip Andrews (guest)

10/13/2006 11:03 AM
Since you control the environment, try using SQL Profiler to watch your attack. You can then see the exact SQL Query as it is passed to the server. That should help you see the issue.
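
Added example, not part of either post above: a lab-side look at the statement text the database engine receives for this login, once with the input spliced into the query and once with it bound as a parameter. Assumptions: in-memory SQLite stands in for SQL Server, and the table layout, query shape and function names are constructed; only the payload string comes from the post.

```python
import sqlite3

# Payload quoted from the post above; everything else here is constructed.
PAYLOAD = "' UNION SELECT TOP 1 1,2,3,4,userid FROM members--"

def make_db():
    """In-memory stand-in for the lab table (column names are assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (userid INTEGER, password TEXT, fullname TEXT)")
    conn.execute("INSERT INTO members VALUES (7, 'lab-only', 'Test User')")
    return conn

def _run(conn, sql, params):
    """Return the rows, or the engine's error text if the statement is rejected."""
    try:
        return conn.execute(sql, params).fetchall()
    except sqlite3.Error as exc:
        return "error: " + str(exc)

def login_concatenated(conn, userid, password):
    """Vulnerable pattern: user input is spliced into the statement text."""
    sql = ("SELECT userid, fullname FROM members WHERE userid = '" + userid +
           "' AND password = '" + password + "'")
    return sql, _run(conn, sql, ())

def login_parameterized(conn, userid, password):
    """Hardened pattern: statement text is constant, input travels as data."""
    sql = "SELECT userid, fullname FROM members WHERE userid = ? AND password = ?"
    return sql, _run(conn, sql, (userid, password))

if __name__ == "__main__":
    db = make_db()
    for fn in (login_concatenated, login_parameterized):
        text, outcome = fn(db, PAYLOAD, "x")
        print(fn.__name__, "\n  statement:", text, "\n  outcome:  ", outcome)
```

In the concatenated case the recorded statement contains the user's text as SQL, which is what a trace of the vulnerable page makes visible; in the parameterized case the statement text never changes and the same input simply matches no row.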
