OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Zacharias Pigadas (zpigspace.gr)
Date: Thu Mar 21 2002 - 01:04:18 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Hello,

    I will have to disappoint you but in that case you have to run multiple
    queries as follows:

    Suppose this is your SQL injection string:
    SELECT field1, field2 FROM table where 1=1 : This will return you the first
    row in the table say value1, value2

    Second query will be something like that:

    SELECT field1, field2 FROM table where 1=1 AND (((field1 NOT IN (value1))
    AND (field2 NOT IN (value2))): This will return you the second row in the
    table say value21, value22

    third query:
    SELECT field1, field2 FROM table where 1=1 AND (((field1 NOT IN
    (value1,value21)) AND (field2 NOT IN (value2,value22))): This will return
    you the second row in the table say value31, value32

    Well you get the idea....

    This can be scripted...

    Zach

    > -----Original Message-----
    > From: mel [mailto:melingscan-associates.net]
    > Sent: Wednesday, March 20, 2002 1:25 PM
    > To: pen-testsecurityfocus.com
    > Subject: SQL Injection - retrieving all rows
    >
    >
    > Hi,
    >
    > I've been able to enumerate over 50 plus tables in a recent pen-test,
    > now come the hard part - I want to dump data from the most important
    > table that contains user names and passwords. However, the ASP app
    > that I exploit only returns one row at a time. Is there anyway to
    > overcome this?
    >
    > I've been looking for apps that return multiple rows (such as search,etc)
    > but to know avail. I've tried dumping asp codes using BULK INSERT, but
    > the command is only available for system account. Creating an stored
    > procedure does not seem to work as well :(
    >
    > Now, I'm thinking of writing a script that dump the data one at a time,
    > but I would like the advice from fellow pen-testers first.
    >
    > Cheers,
    >
    > --mel
    >
    > ------------------------------------------------------------------
    > ----------
    > This list is provided by the SecurityFocus Security Intelligence
    > Alert (SIA)
    > Service. For more information on SecurityFocus' SIA service which
    > automatically alerts you to the latest security vulnerabilities
    > please see:
    > https://alerts.securityfocus.com/
    >
    >

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/