Re: [WEB SECURITY] SQL Injection, ORDER BY plus DROP TABLE
- From: "Prasad Shenoy" <prasad.shenoy@xxxxxxxxx>
- Subject: Re: [WEB SECURITY] SQL Injection, ORDER BY plus DROP TABLE
- Date: Sun, 12 Aug 2007 19:57:35 -0400
ORDER BY 1; Drop Table A; --
Will this work?
On 8/12/07, Harry Muchow <wonderfulandromeda@gmail.com> wrote:
>
> I remember, long back I tried SQL injection like this.
>
> ORDER BY 1--
>
> It worked. This proves that there was a select query towards the left
> of the injection point. This also worked
>
> ORDER BY 1 DROP TABLE A
>
> It spewed an output like it cannot drop table A because it doesn't
> exist. I am wondering what kinda SQL query would that be which has a
> select query and accommodates DROP along with ORDER BY 1.
>
> AFAIK, DROP should be a separate statement and it should cause a
> syntax error if combined with SELECT. Any suggestions?
--
Prasad
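
Added example, not part of the original messages: whether the string in the reply above does anything beyond sorting depends on whether the data-access call runs more than one statement per string, and an ORDER BY target cannot be bound as a parameter, so the usual fix is an allow-list. The sketch uses Python's sqlite3 as a stand-in (the thread does not name the database); the schema, rows, function names and the `SORT_COLUMNS` allow-list are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data; table "A" reuses the name from the thread.
    db = sqlite3.connect(":memory:")
    db.executescript("CREATE TABLE A (id INTEGER PRIMARY KEY, name TEXT);"
                     "INSERT INTO A (name) VALUES ('carol'), ('alice'), ('bob');")
    return db

def table_exists(db, table):
    rows = db.execute("SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?",
                      (table,)).fetchall()
    return bool(rows)

def list_concat(db, sort, multi_statement=False):
    # 'Before': the sort value is concatenated into the SQL text.
    sql = "SELECT name FROM A ORDER BY " + sort
    if multi_statement:
        # Models a data-access call that runs every statement in the string.
        db.executescript(sql)
        return None
    # execute() accepts exactly one statement and raises if another follows.
    return [r[0] for r in db.execute(sql)]

# 'After': map the request value to a fixed SQL fragment and reject
# everything else, so no request text reaches the query.
SORT_COLUMNS = {"id": "id", "name": "name"}  # hypothetical allow-list

def list_allowlisted(db, sort):
    column = SORT_COLUMNS.get(sort)
    if column is None:
        raise ValueError("unsupported sort key: %r" % (sort,))
    return [r[0] for r in db.execute("SELECT name FROM A ORDER BY " + column)]

if __name__ == "__main__":
    reply = "1; Drop Table A; --"  # the string from the reply above
    db = make_db()
    list_concat(db, reply, multi_statement=True)
    print("multi-statement call, table A still exists:", table_exists(db, "A"))
    db = make_db()
    try:
        list_concat(db, reply)
    except (sqlite3.Warning, sqlite3.Error) as exc:
        print("single-statement call rejected it:", exc)
    print("table A still exists:", table_exists(db, "A"))
    try:
        list_allowlisted(db, reply)
    except ValueError as exc:
        print("allow-list rejected it:", exc)
```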
Brought to you by http://www.webappsec.org