sorry, i overlooked that this IS a mysql mailing-list and we are running ms-sql in this particular case. good catch... I'd appreciate any insight though.
On Mon, Feb 13, 2012 at 1:56 PM, Gary Smith <shady...@l33t-d00d.co.uk> wrote: > On 13/02/2012 21:48, Haluk Karamete wrote: >> >> My logs shows that we have tried with a SQL Injection attempt, but >> our engine has detected and avoided it but I am just curious, what are >> these SQL statements are intending to achieve? >> >> SELECT * FROM lecturer WHERE recID='25 ' and exists (select * from >> sysobjects) and ''='' ORDER BY EntryDate DESC >> >> and >> >> SELECT * FROM lecturer WHERE recID='25' and char(124)+user+char(124)=0 >> and '%'='' ORDER BY EntryDate DESC >> >> If these were let in, what would have happened? >> > Nothing on MySQL - however, if the back end was an MS SQL server then the > first query would prove that the user had access to the sysobjects table (ie > wasn't constrained within a view, etc). > > The second is - the char(124) evaluates to |user|=0. I'm not sure what this > one does, tbh. > > Gary -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/mysql
