September 06, 2010
Login
|
Home
FAQs
SQL Server FAQ
SQL Injection FAQ
SQL Security Checklist
SQL Server-Related Products
SQL Server/MSDE-Based Applications
SQL Server Version Database
Tools
Lockdown Script
Free Tools
Free Analysis
Group Policy Templates
Commercial Tools
Community
Discussions
Links
About
Search
SQL Security Forums
Note: SQLSecurity.com does not allow nor require registration due to privacy concerns for users. SQLSecurity.com is open and anonymous for all. Please report any abuse or profanity.
Unanswered
Active Topics
Forums
Search
UserName:
Subject:
retrieving int value
Body:
[quote]Posted By n/a on 10/10/2006 10:15 AM Hello! :) I've made a script in asp intencionally vulnerable to a sql inj so I could learn from it. The problem is, I don't know how to retrieve data from a column that contains numeric values. The login page asks for user id( a number from 0 to 2000) and the password. There are many columns in the table where "userid" and "password" are, such as full name, dob, etc. What I'm trying to do is this(in the userid text field): ' UNION SELECT TOP 1 1,2,3,4,userid FROM members-- But nothing happens, I think that's bacause the sql query is being correctly evaluated. Thanks in advance [/quote]
Show Replies:
ActiveForums 3.6
Copyright 1999 by Chip Andrews
|
Privacy Statement
|
Terms Of Use