[sqlmap-users] injecting in the order by clause
From: Buggy <bug...@gm...> - 2010-12-19 07:39:28
Hello,

First, let me thank you for the great tool and the steady bugfixing and improving!

I (and sqlmap) have found my new nemesis concerning SQL injection: injecting in the ORDER BY clause.

I am currently doing work on a webapp based on an ORACLE database and can inject here:

    SELECT foo, bar FROM the_table ORDER BY [INJECTION]

1) The mean thing is you cannot use UNION because of the ORDER BY clause.
=> Any hints on how to get a working injection going here? Has anyone ever encountered this rare case?

2) The furthest I have gotten in a try to get into a blind SQL injection situation is the following:

    [INJECTION] = decode ((select 'a' from dual),'a',foo,bar)

Depending on whether a or something else is selected, the output is sorted by column foo or column bar.

The idea is to ask the question here (pseudocode):

    decode ((select first letter of first username < chr(128)),TRUE,foo,bar)

but it doesn't work, as I do not know how to write the question query or how to decide if the answer is TRUE or FALSE.
=> Is there some hint how to continue from here and maybe even get the thing working with sqlmap?

Cheers,
Karl
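Seen from the application side, the injection point in this message exists because an ORDER BY target cannot be passed as a bind parameter, so the usual fix is an allowlist of sortable columns. The following is an added example, not part of the original post or of sqlmap: the table and column names come from the message, while the function names, the sample rows and the use of SQLite in place of Oracle are assumptions.

```python
import sqlite3

# Sortable columns the application exposes; keys are the user-facing
# parameter values, values are the identifiers placed into the SQL text.
# foo, bar and the_table come from the post; everything else is assumed.
SORT_COLUMNS = {"foo": "foo", "bar": "bar"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def build_query_vulnerable(sort_param):
    """The pattern from the post: request input lands after ORDER BY."""
    return "SELECT foo, bar FROM the_table ORDER BY " + sort_param


def build_query_hardened(sort_param, direction="asc"):
    """ORDER BY targets cannot be bound as parameters, so map the input
    onto a fixed set of identifiers and reject everything else."""
    try:
        column = SORT_COLUMNS[sort_param.strip().lower()]
        order = SORT_DIRECTIONS[direction.strip().lower()]
    except (KeyError, AttributeError):
        raise ValueError("unsupported sort parameter")
    return f"SELECT foo, bar FROM the_table ORDER BY {column} {order}"


def run_sorted(conn, sort_param, direction="asc"):
    return conn.execute(build_query_hardened(sort_param, direction)).fetchall()


def make_demo_db():
    # Constructed sample rows; SQLite stands in for the Oracle backend.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE the_table (foo TEXT, bar TEXT)")
    conn.executemany("INSERT INTO the_table VALUES (?, ?)",
                     [("b", "x"), ("a", "z"), ("c", "y")])
    return conn


if __name__ == "__main__":
    conn = make_demo_db()
    print(run_sorted(conn, "foo"))
    print(run_sorted(conn, "bar", "desc"))
    payload = "decode ((select 'a' from dual),'a',foo,bar)"  # from the post
    print(build_query_vulnerable(payload))  # expression reaches the SQL text
    try:
        build_query_hardened(payload)
    except ValueError as exc:
        print("rejected:", exc)
```

Because only dictionary values ever reach the SQL text, no expression supplied in the sort parameter can change which column the result is ordered by.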