Re: [WEB SECURITY] SQL Injection, ORDER BY plus DROP TABLE
- From: "Ali Soylu" <alisoylu@xxxxxxxxx>
- Subject: Re: [WEB SECURITY] SQL Injection, ORDER BY plus DROP TABLE
- Date: Sun, 12 Aug 2007 21:19:26 -0400
Microsoft SQL Server does not require any delimiters between most
statements. The following would be a perfectly valid command:
SELECT * FROM MyTable DROP TABLE MyTable
ALi
On 8/12/07, Harry Muchow <wonderfulandromeda@xxxxxxxxx> wrote:
> I remember, long back I tried SQL injection like this.
>
> ORDER BY 1--
>
> It worked. This proves that there was a select query towards the left
> of the injection point. This also worked
>
> ORDER BY 1 DROP TABLE A
>
> It spewed an output like it cannot drop table A because it doesn't
> exist. I am wondering what kinda SQL query would that be which has a
> select query and accommodates DROP along with ORDER BY 1.
>
> AFAIK, DROP should be a separate statement and it should cause a
> syntax error if combined with SELECT. Any suggestions?
>
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/
>
> Subscribe via RSS:
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
>
Brought to you by http://www.webappsec.org
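
Added example, not part of the original thread or any poster's code: because SQL Server accepts a second statement without a delimiter, stripping ";" from a sort parameter does not stop the string quoted above, while mapping the request onto an allowlist of fixed ORDER BY fragments does. The column names, the "key:direction" request format and all function names are assumptions made for illustration.

```python
# Added example: MyTable's column names and all helper names are assumptions.
SORTABLE = {"id": "[Id]", "name": "[Name]", "created": "[CreatedAt]"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}
BASE_QUERY = "SELECT * FROM MyTable"
MAX_SORT_KEYS = 3


def naive_order_by(user_sort):
    """Weak pattern: strip ';' and concatenate.

    T-SQL needs no delimiter between statements, so this filter leaves
    the second statement from the thread intact.
    """
    return BASE_QUERY + " ORDER BY " + user_sort.replace(";", "")


def safe_order_by(user_sort):
    """Map a spec such as 'name:desc,id' onto fixed SQL fragments.

    No character of the request reaches the SQL text: each key and
    direction is only used to look up a constant. Anything that is not
    an exact allowlist match raises ValueError.
    """
    parts = user_sort.split(",")
    if len(parts) > MAX_SORT_KEYS:
        raise ValueError("too many sort keys")
    terms, seen = [], set()
    for part in parts:
        key, _, direction = part.strip().partition(":")
        direction = direction or "asc"
        if key not in SORTABLE or direction not in DIRECTIONS:
            raise ValueError("unsupported sort term: %r" % part)
        if key in seen:
            raise ValueError("duplicate sort key: %r" % key)
        seen.add(key)
        terms.append(SORTABLE[key] + " " + DIRECTIONS[direction])
    return BASE_QUERY + " ORDER BY " + ", ".join(terms)


if __name__ == "__main__":
    payload = "1 DROP TABLE A"          # the string quoted in the thread
    print(naive_order_by(payload))      # second statement survives the filter
    print(safe_order_by("name:desc,id"))
    try:
        safe_order_by(payload)
    except ValueError as exc:
        print("rejected:", exc)
```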