<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Full Disclosure: Re: Latest MS SQL Server vulnerabilities revealed.

Re: Latest MS SQL Server vulnerabilities revealed.

From: Michael - <michael_at_nix.org>
Date: 1 May 2003 01:28:42 -0000

After reading your papers I must say it was quite interesting and it introduce quite a few new ideas. However, most of them (at leat in your paper found at http://www.appsecinc.com/presentations/Manipulating_SQL_Server_Using_SQL_Injection.pdf ) base themselves on the idea that you can perform an 'insert' with SQL injection. In my experience, this is impossible most of the time due to the fact that MSSQL doesnt allow multiple statement and that you can only add an union in the middle of an SQL statement that is usualy part of a web application.

Michael

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on May 01 2003

This message: [ Message body ]
Next message: tom ferris: "MDG Web Server 4D 3.6.0 Buffer Overflow"
Previous message: Cesar: "Re: Latest MS SQL Server vulnerabilities revealed."
Maybe in reply to: Cesar: "Re: Latest MS SQL Server vulnerabilities revealed."

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos