Go4Expert (http://www.go4expert.com/)
-   Ethical hacking (http://www.go4expert.com/forums/ethical-hacking-forum/)
-   -   Help with SQL Injection (http://www.go4expert.com/forums/help-sql-injection-t26503/)

Shawn_Rogers 15Aug2011 23:24

Help with SQL Injection
OK, so the vulnerable URL that I'm attacking has only one column and the only way to retrieve data from that column is to generate an error. The column normally accepts an int value so any string value returns an error. However, when I try to cast an int to a string as to return an error like:

union select convert(varchar,zip) from address

I don't get an error. How can I generate one?
Additionally, conversion to type text only gives the error "Operand type clash: text is incompatible with int".

Scripting 23Aug2011 01:58

Re: Help with SQL Injection
Mainly add the /* at the end !

All times are GMT +5.5. The time now is 19:15.