[Tfug] I got a real funny here...needs to stay in TFUG...
keith smith
klsmith2020 at yahoo.com
Fri Jul 1 09:11:40 MST 2011
I've never tried this, just seen a few examples. I'm assuming you would have to truncate the insert string like this
INSERT INTO table_name
VALUES ('$firstName','$lastName,...)
where $fistName = " ';TRUE"; or something like that. I'm thinking this would truncate the insert and add a command that would resolve to 1. I don't think this is the answer though.
The other part that is interesting is he said they all had the same last name, so there must be more to the story like the insert was not written very well and the data engine was allowing non delimited text to be stored as text allowing for something like
INSERT INTO table_name
VALUES (FirstName,True,...)
where it should have been
INSERT INTO table_name
VALUES ('FirstName','True',...)
I'd really like to know what database was used and what the insert string looked like.
------------------------
Keith Smith
--- On Fri, 7/1/11, Liz Ravenwood <Liz_Ravenwood at beaerospace.com> wrote:
From: Liz Ravenwood <Liz_Ravenwood at beaerospace.com>
Subject: Re: [Tfug] I got a real funny here...needs to stay in TFUG...
To: "'Tucson Free Unix Group'" <tfug at tfug.org>
Date: Friday, July 1, 2011, 8:12 AM
I must be a special kind of stupid because I'm not getting how that SQL could occur.
"INSERT INTO NameTable LASTNAME Values ('" & formfieldvalue & "')"
Where formfieldvalue = "Tables"
How does that change that field value to a True and especially when it is a text field and not a Boolean?
-----Original Message-----
From: tfug-bounces at tfug.org [mailto:tfug-bounces at tfug.org] On Behalf Of Jim March
Sent: Thursday, June 30, 2011 8:48 PM
To: Tucson Free Unix Group
Subject: Re: [Tfug] I got a real funny here...needs to stay in TFUG...
God. Nobody gets it yet?
The family name involved: True
Now think about how that would get turned into "1".
Yeah. It's accepting program code in the data fields. So you could
do an SQL injection attack with a paper and pen: just fill out a fake
voter registration form for "Little Bobby Tables"...
:)
Jim
On Thu, Jun 30, 2011 at 8:36 PM, Dennis McCormick
<macsinitial65haus at gmail.com> wrote:
> On Thu, Jun 30, 2011 at 8:23 PM, Adrian <choprboy at dakotacom.net> wrote:
>> On Thursday 30 June 2011 18:47, Jim March wrote:
>>> Somewhat OT, but still computer security related.
>>>
>>> OK, so there's this electronic voter registration system out there.
>>> Won't say which until the report goes public. Ain't used in AZ so
>>> don't freak out on me :).
>>>
>>> Somebody I know who monitors elections went through the voter
>>> registration lists and found a small number of cases where the
>>> person's last name was listed as "1". Yeah. Just the number one, no
>>> quotes.
>>>
>>> It turned out all of those people (most unrelated to each other) had
>>> the same last name.
>>>
>>> Care to guess what it was?
>>>
>>
>>
>> O'Malley? O'Rielly? O'...
>>
>>
>>
>> Adrian
>>
>>
> How about Juan?
>
> Dennis
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>
_______________________________________________
Tucson Free Unix Group - tfug at tfug.org
Subscription Options:
http://www.tfug.org/mailman/listinfo/tfug_tfug.org
This email (and all attachments) is for the sole use of the intended recipient(s) and may contain privileged and/or proprietary information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
_______________________________________________
Tucson Free Unix Group - tfug at tfug.org
Subscription Options:
http://www.tfug.org/mailman/listinfo/tfug_tfug.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tfug.org/pipermail/tfug_tfug.org/attachments/20110701/fcb4d401/attachment-0002.html>
More information about the tfug
mailing list