Monday, August 27, 2007

SQLinjection -- convert method

Last Saturday I started Portal Security Assessment for one of my client here in Saudi. And last night I completed a validation of all my findings. What make interesting during the assessment is, I found a potential SQL Injection on the portal which is a good thing for me... But the challenge is to enumerate tables and columns manually since most of tools that supposed to get the information failed to do so.... So I tried manually and play around with the injections but I still couldn't get what I want.

During my homeworks, I found a few interesting ways to print some of the informations. If you have any idea how to use following methods to enumerate tables and column, please let me know.

convert(int,convert(varchar,INJECTION_PARAMETER_HERE)) (convert(varchar(255),(INJECTION_PARAMETER_HERE)))--

For example:,convert(varchar,@@version)),(@@version)))--

No comments: