Since a friend of mine who is running a small web server allows me to try to "hack" him (if you can call it a hack), I have tried some basic techniques so far (see my post about Getting Admin Rights on W2K). We have now installed SQL Server on the machine with the ODBC SQL driver and the ODBC ACCESS driver.
Now just some basic questions:
- How can I determine if injection works at all? E.g. if I have a login form with user/pass and I always get the same and correct "Wrong user or password" file even if I inject SQL queries with different notation like single quotes and double quotes etc., I think this form CAN'T be injected? Am I right there?
- Sometimes if I inject SQL queries I don't get the ODBC driver error message, but I get a 500 Internal Server Error page. I think the error messages are suppressed in this case, am I right there?
- Usually I have login name and pass fields in some HTML forms, but they are alphanumeric. How can I force a query error in this case? UNION won't work there as far as I tried, since I don't have an integer field.
- I never managed to inject SQL commands by appending the query to the URL, like they do in several tutorials. I only tried this UNION thingy so far. Is this because I don't have an integer var in the form, or do I have to "fake" the POST method too?
Whenever I tried it, nothing happened, only the page is reloaded with my manipulated URL (I mean I don't get an HTTP 500 error, nor an ODBC driver error... just the same page again, like my login is not processed).
- If there is no character limit in my form's fields, can I inject this UNION thingy within the form itself, by ending the query with e.g. ' ; and then SELECT ... or does this only work from the URL?
- In most cases IF I can inject queries and IF I get ODBC driver errors, I don't have a SQL driver but an MS ACCESS driver on the other side. Are there differences between these drivers? Or is there some info about ACCESS injection around?
That's all for now. I think all the questions make you laugh, but hey, I am pretty new to this stuff.
Thx for your help
Ray




