[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] SQL Injection, ORDER BY plus DROP TABLE

From: "Harry Muchow" <wonderfulandromeda@xxxxxxxxx>
Subject: [WEB SECURITY] SQL Injection, ORDER BY plus DROP TABLE
Date: Mon, 13 Aug 2007 01:12:11 +0530

I remember, long back I tried SQL injection like this.

ORDER BY 1--

It worked. This proves that there was a select query towards the left
of the injection point. This also worked

ORDER BY 1 DROP TABLE A

It spewed an output like it can not drop table A because it doesn't
exist. I am wondering what kinda SQL query would that be which has a
select query and accomodates DROP along with ORDER BY 1.

AFAIK, DROP should be a separate statement and it should cause a
syntax error if combined with SELECT. Any suggestions?

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Follow-Ups:
- Re: [WEB SECURITY] SQL Injection, ORDER BY plus DROP TABLE
  - From: Prasad Shenoy
- Re: [WEB SECURITY] SQL Injection, ORDER BY plus DROP TABLE
  - From: Ali Soylu

Prev by Date: [WEB SECURITY] Facebook Homepage Source Code Probably Leaked
Next by Date: [WEB SECURITY] Did webapp developers learn from Samy worm?
Previous by thread: [WEB SECURITY] Facebook Homepage Source Code Probably Leaked
Next by thread: Re: [WEB SECURITY] SQL Injection, ORDER BY plus DROP TABLE
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site