Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
RE: SQL injection
From: John McGuire (jmcguire81cox.net)
Date: Wed Jan 19 2005 - 03:07:47 CST
Quite a bit of damage could be done. If you have the patience, you can
map out every table/field in the database using a series of JOINS if I
remember correctly. You could then save a dump of all the data in that
I have just discovered that I can successfully inject the following SQL:
' OR 1=1; --
into the Username field of a logon form on a "secure" site in my
corporate network (Windows 2000, SQL 7.0). When I do this, leaving the
password field blank, I am logged into the system as the first user in
the "Users" table in the DB which is being authenticated against. LOL.
If I can get that far, can't I theoretically:
' OR 1=1; DELETE Users; --
or something similar? Couldn't I EXEC some system sprocs this way too?
How much damage/rooting can be done here? I need to present a detailed
report to the admins.