I was Reading About SQL-Injection in SQL-Server and i saw an Technique That allow me to show any information from database via Errors
assume this is the vulnerable site:
www.victim.com/showproducts.aspx?category=bikes
and when i put this code after parameter value :
www.victim.com/showproducts.aspx?category=bikes AND 1=0/username
this will show an Error that told me its can do an / via int and string and get an data from column username .
Conversion failed when converting the varchar value 'admin' to data type int
its show me the first data in column username , etc : admin
when i try to get another username i exclude the fist value 'admin' via :
www.victim.com/showproducts.aspx?category=bikes AND username not in ('admin') AND 1=0/usernaame;
but its still get the first value " admin " , . why ? and how to get the next value from this technique ...
Related
I'm creating a new report (*.rdl), and there I want to add username who runs the script (insert).
I've tried on VS2008 through "built-in-fields" function which is "User ID", but it didn't work:
CREATE TABLE #Some_Table
(
Plan_date date null,
Plan_customer int null,
creator_id nvarchar(55) null
)
INSERT INTO Some_Table
(
[Plan_date] ,
[Plan_customer],
[creator_id]
)
SELECT
#p_plan_monthly,
#p_plan_clients,
#creator_id ="user id" --from built-in-fields
Expected result is: Column creator_id is filling with value of username from active directory who made insert through my report.
To reiterate my comment, as it's is incredibly important:
"You need to use a different account to access your data #whitefang. The sa account should never be used for something as mundane as a report. In truth it should never be used unless you really need sysadmin privileges, or you're doing something like recovering the server. You should have a service account that can do the respective tasks it needs to. If you can suffer injection through those reports, you're service is like an open book to whomever has access."
Now, onto your problem. I would add a further internal parameter on your report. Change the value of the parameter to have the default value of =User!UserID; this will be the ID of the user running the report (perhaps something like StackOverflow\Larnu).
Then map that report parameter to your dataset parameter #creator_id and change your INSERT statement to:
INSERT INTO Some_Table ([Plan_date],
[Plan_customer],
[creator_id])
VALUES (#p_plan_monthly, #p_plan_clients, #creator_id);
Q: "and there I want to add username who runs the script (insert)"
You can use these functions.
-- database user name
SELECT USER_NAME()
-- login identification name
SELECT SUSER_NAME()
I have a problem with renaming user name to new username (I would like it to be shorter).
Original syntax should be like this:
ALTER LOGIN Mary5 WITH NAME = John2;
But my user has name like this: domain/name.lastname and sql server is giving me error, trying to execute this:
ALTER LOGIN mydomain\fname.lstname WITH NAME = shortername
Error:
Incorrect syntax near '\'.
I've tried to put both names in single quotes, which drops another syntax error. How to rename that user?
Normally you would specify the user with brackets like below. But apparently you cannot remove the domain from a user once it's been created with one. You must delete and recreate the user.
ALTER LOGIN [mydomain\fname.lstname] WITH NAME = [shortername]
When specifying a different domain user you will receive the following error: "The name change cannot be performed because the SID of the new name does not match the old SID of the principal.". Further suggesting you cannot simply alter a login based on a domain user.
I can limit the size of characters of table field in mysql as simple
SELECT NID,LEFT(BODY, 10) AS text FROM tablename
but how can i get the same result in codeigniter Active Record
I tried this code
$this->db->select('NID, LEFT(BODY,10)');
$query = $this->db->get_where('tablename');
but not working
is it possible to make that in codeigniter Active Record ??
I've been able make it work in Codeigniter using a syntax like this:
$this->db->select('NID, LEFT(BODY,10) BODY', false);
$query = $this->db->get_where('tablename');
as stated in: http://ellislab.com/forums/viewthread/201014/#940615
adding 'false' to select, avoids the automatic backtics
also, after left(BODY, 10), you must add the name the new chopped field will use:
select('NID, LEFT(BODY,10) BODY'
otherwise, Codeigniter will output an Undefined property error.
I hope it works!
this is my sample access database:
ID--UserName--Password--AccountType
1---- A123 --1234 --User
2-----B123 --1345 --Admin
I am using VS2012. In my VB.net Project I have username textbox, a password textbox,
and login button.
I add my database using a wizard. I can add, modify, delete, and query, but how to check if the entered username in username text box exists in UserName column?
I filled up my dataset using:
Me.UsersTableAdapter.Fill(Me.WSDataSet.users)
and if I want to get the user type I am using:
Me.WSDataSet.users.FindByUserName(IDtxt.Text).AcountType
but the main problem if user not exists I get the error below:
An unhandled exception of type 'System.NullReferenceException' occurred in user login.exe Additional information: Object reference not set to an instance of an object.
How can I check if the username exists or not?
Try doing this.
Dim user = Me.WSDataSet.users.FindByUserName(IDtxt.Text)
If not user is nothing Then
'Do what you want with the user object
Else
'Message User does not exist.
End If
you just check if the user exists then do what you want with it.
We are in the process to migrate our SQL 2000 box to SQL 2008. But we ran into an issue; when a result set (rows or not) is returned by using a query that has a UNION. Later in the code we try to add a new row and assign field to it but because a UNION was used, when we try to assign a value to the field it gives us a Multiple-step operation generated errors. Check each status value. error. We tried the following code on a Windows XP & Windows 7 and got the same result. But when we change our connection string to point back to our SQL 2000 box we don't get that error any more.
The following example show the problem we are having.
var c = new ADODB.Connection();
var cmd = new ADODB.Command();
var rs = new ADODB.Recordset();
object recordsAffected;
c.Open("Provider=SQLOLEDB;Server=*****;Database=*****;User Id=*****;Password=*****;");
cmd.ActiveConnection = c;
cmd.CommandType = ADODB.CommandTypeEnum.adCmdText;
cmd.CommandText = "create table testing2008 (id int)";
cmd.Execute(out recordsAffected);
try {
cmd.CommandText = "select * from testing2008 union select * from testing2008";
rs.CursorLocation = ADODB.CursorLocationEnum.adUseClient;
rs.Open(cmd, Type.Missing, ADODB.CursorTypeEnum.adOpenDynamic, ADODB.LockTypeEnum.adLockBatchOptimistic, -1);
rs.AddNew();
rs.Fields["id"].Value = 0; //throws exception
rs.Save();
}
catch (Exception ex) {
MessageBox.Show(ex.ToString());
}
finally {
cmd.CommandText = "drop table testing2008";
cmd.Execute(out recordsAffected);
c.Close();
}
The link below is an article that gives a great breakdown of the 6 scenarios this error message can occur:
Scenario 1 - Error occurs when trying to insert data into a database
Scenario 2 - Error occurs when trying to open an ADO connection
Scenario 3 - Error occurs inserting data into Access, where a fieldname has a space
Scenario 4 - Error occurs inserting data into Access, when using adLockBatchOptimistic
Scenario 5 - Error occurs inserting data into Access, when using Jet.OLEDB.3.51 or ODBC driver (not Jet.OLEDB.4.0)
Scenario 6 - Error occurs when using a Command object and Parameters
http://www.adopenstatic.com/faq/80040e21.asp
Hope it may help others that may be facing the same issue.
It is type mismatch, try
rs.Fields["id"].Value = "0";
or make sure you assign a Variant to the value.
Since I posted this problem, we figured out that the problem was when you do a union the attributes on the fields are not bound (i.e. the attributes: basecatalog, basetable & basecolumn are empty) to remedy our problem we had to force the values of those attributes, by saving the recordset to xml (adPersistXML), change the xml and reopen the recordset from the xml. This rebound the fields and we were able to continue. We know this may not be the most efficient solution, but it was for an older app and we didn't want to rewrite the sql statements. It looks like the main error Multiple-step operation generated errors. Check each status value. is related to when an error occurs when a value is assigned to a field.
Two things I can think of... Make sure your "ID" column will accept a zero (0). Also - I've stopped this issue on one occasion by not using the adUseClient cursor (try server).
Many times this is a type mismatch, trying to stuff a NULL into a non-null column, or attempting to write more characters into a column than it's designed to take.
Hope this helps. - Freddo
Same issue occurred to me the problem was that i violated an object property , in my case it was size the error came out as
"IntegrationException: Problem (Multiple-step operation generated errors. Check each status value.)"
Imports ADODB
Dim _RecordSet As Recordset
_rs.Fields.Append("Field_Name", DataTypeEnum.adVarChar, 50)
_Recordset("Field_Name").Value = _RecordDetails.Field_NameValue
_RecordDetails.Field_NameValue length was more than 50 chars , so this property was violated , hence the error occurred .
I found another scenario:
When I was trying to set the value of a adLongVarChar field in a new record for a memory-only adodb.recordset. In my case, the error was triggered because the string I was passing had a buried unicode character.
I found this error when our legacy application was trying to parse 1/1/0001 12AM date and time. Looks like VB6 recordsets doesn't like that value.
To get rid of the errors, I had to set all the offending dates to null.
I was getting this error when trying to insert/update the field with a value that did not match the table>field type.
For example, the database table > field was
char(1)
however, I was trying to insert/update
"apple"
into the record.
Once I change the inputted value to "a" and it worked.