| From: | PFC <lists(at)peufeu(dot)com> |
|---|---|
| To: | "Rod Taylor" <pg(at)rbt(dot)ca> |
| Cc: | pgsql-sql(at)postgresql(dot)org |
| Subject: | Re: Permission to Select |
| Date: | 2006-03-13 20:51:42 |
| Message-ID: | op.s6ddkgyncigqcu@apollo13 |
| Lists: | pgsql-sql |

> What information can be retrieved from a structure by being able to
> update all rows?

Write a plpgsql function snoop(x) which inserts x into a table 'log'
created by you, and also returns x.
UPDATE users SET password=snoop(password).
Read log table.
Done.

If you have WHERE rights on a table, you can guess any column content
pretty quick. Just do a binary search. Some time ago I had a friend whose
website had some SQL injection holes, and he said "so what? who cares? I
have magicquotes" (lol), so I coded a Python script which injected a
"password BETWEEN x AND y" (using CHR() to avoid quotes) and narrowed the
search. It took about 1 minute to get the password (which turned out to be
an md5 that resisted a dictionary attack for a few seconds using whatever evil
hax0rz tool).
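
Added example, not part of the original message: a privilege check for the two cases above (an UPDATE whose right-hand side reads the old value, and a filter on a column's contents). On PostgreSQL releases with column-level privileges, both read existing column values, which requires SELECT on those columns in addition to UPDATE. The role name, table layout and row values are constructed for illustration; run it as a superuser in a scratch database.

```sql
-- Constructed schema and role (assumptions, not from the thread).
CREATE ROLE writer_only NOLOGIN;
CREATE TABLE users (
    id        int PRIMARY KEY,
    login     text NOT NULL,
    password  text NOT NULL,
    last_seen timestamptz
);
INSERT INTO users VALUES
    (1, 'alice', 'constructed-hash-1', NULL),
    (2, 'bob',   'constructed-hash-2', NULL);

-- Least privilege: the role may overwrite two columns and may read only id.
GRANT UPDATE (password, last_seen) ON users TO writer_only;
GRANT SELECT (id)                  ON users TO writer_only;

SET ROLE writer_only;

-- Allowed: a pure write reads no existing column value.
UPDATE users SET last_seen = now();

-- Allowed: the WHERE clause reads id, which SELECT (id) covers.
UPDATE users SET password = 'constructed-new-hash' WHERE id = 1;

-- Rejected with a permission error: the right-hand side reads the old
-- password, so SELECT on that column is required. Wrapping the column in
-- any function call makes no difference to the check.
UPDATE users SET password = upper(password);

-- Rejected with a permission error: filtering on a column's contents
-- reads it, so range or equality probes need SELECT on password as well.
UPDATE users SET last_seen = now() WHERE password BETWEEN 'a' AND 'm';

-- Rejected with a permission error: RETURNING reads the column too.
UPDATE users SET last_seen = now() RETURNING password;

RESET ROLE;

-- Audit: list exactly which columns the role can read or write.
SELECT column_name, privilege_type
FROM information_schema.column_privileges
WHERE table_name = 'users' AND grantee = 'writer_only'
ORDER BY column_name, privilege_type;

-- Clean up the scratch objects.
DROP TABLE users;
DROP ROLE writer_only;
```

The audit query is the part worth keeping in a review checklist: any role that holds SELECT on a sensitive column, directly or through a table-level grant, can read it through an UPDATE as easily as through a SELECT.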