Monday, August 27, 2007

SQL injection -- convert method

Last Saturday I started a portal security assessment for one of my clients here in Saudi, and last night I completed a validation of all my findings. What made the assessment interesting is that I found a potential SQL injection on the portal, which is a good thing for me... But the challenge is to enumerate tables and columns manually, since most of the tools that are supposed to get the information failed to do so. So I tried manually and played around with the injections, but I still couldn't get what I wanted.

During my homework, I found a few interesting ways to print some of the information. If you have any idea how to use the following methods to enumerate tables and columns, please let me know.

convert(int,convert(varchar,INJECTION_PARAMETER_HERE))

(convert(varchar(255),(INJECTION_PARAMETER_HERE)))--

For example:

http://microsoft.com/hello.asp?id=convert(int,convert(varchar,@@version))

http://microsoft.com/hello.asp?id=(convert(varchar(255),(@@version)))--
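
A defender-side check for the two request shapes shown above, added here as an example and not part of the original post: it scans web-server log lines for query parameters that wrap a value in convert(...). The log layout, sample lines, and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Patterns taken from the two payload shapes shown in the post.
CONVERT_RE = re.compile(r"\bconvert\s*\(\s*(?:int|n?varchar)\b", re.I)
GLOBAL_RE = re.compile(r"@@[a-z_]+", re.I)   # T-SQL globals such as @@version
COMMENT_RE = re.compile(r"--\s*$")           # trailing comment marker

# Constructed sample log lines in a simplified "METHOD URI STATUS" layout.
SAMPLE_LOG = [
    "GET /hello.asp?id=42 200",
    "GET /hello.asp?id=convert(int,convert(varchar,@@version)) 500",
    "GET /hello.asp?id=(convert(varchar(255),(@@version)))-- 200",
    "GET /hello.asp?id=convert%2528int%252C%2540%2540version%2529 500",
    "GET /search.asp?q=convert+pdf+to+int 200",
]

def classify(value):
    """Return the reasons a parameter value matches the convert-based probe shape."""
    value = unquote(value)  # second decode pass catches double-encoded payloads
    reasons = []
    if CONVERT_RE.search(value):
        reasons.append("convert-call")
    if GLOBAL_RE.search(value):
        reasons.append("tsql-global")
    if COMMENT_RE.search(value):
        reasons.append("trailing-comment")
    return reasons

def scan(lines):
    """Return one finding per suspicious parameter; 5xx responses rank higher."""
    findings = []
    for line in lines:
        _method, uri, status = line.split()
        # parse_qsl performs the first URL-decode pass on each value.
        for name, raw in parse_qsl(urlsplit(uri).query, keep_blank_values=True):
            reasons = classify(raw)
            if reasons:
                severity = "high" if status.startswith("5") else "medium"
                findings.append({"uri": uri, "param": name,
                                 "reasons": reasons, "severity": severity})
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["severity"], f["param"], ",".join(f["reasons"]), f["uri"])
```

A flagged request that also returned a 5xx status is worth reviewing first, since it indicates the database raised an error while handling the parameter.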
