What information can be retrieved from a structure by being able to
update all rows?
Write a plpgsql function snoop(x) which inserts x into a table 'log'
created by you, and also returns x.
UPDATE users SET password=snoop(password).
Read log table.
Done.
If you have WHERE rights on a table, you can guess any column content
pretty quickly. Just do a binary search. Some time ago I had a friend whose
website had some SQL injection holes, and he said "so what? who cares? I
have magicquotes" (lol), so I coded a Python script which injected a
"password BETWEEN x AND y" (using CHR() to avoid quotes) and narrowed the
search. It took about 1 minute to get the password (which turned out to be
an md5 that resisted a dictionary attack for a few seconds using whatever
evil hax0rz tool).
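Added example, not part of the original post: a detector for the narrowing "password BETWEEN x AND y" pattern described above, run over statement logs. The log line format (`epoch client statement`), the sensitive column names, the thresholds and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: columns whose values should never appear in range predicates.
SENSITIVE = {"password", "passwd", "secret"}
# Matches "<column> BETWEEN <lo> AND <hi>" where the bounds contain no spaces.
PRED = re.compile(r"\b(\w+)\s+BETWEEN\s+(\S+)\s+AND\s+(\S+)", re.I)

# Constructed sample log: "<epoch seconds> <client> <statement>".
SAMPLE_LOG = [
    "1000 192.0.2.10 SELECT name FROM users WHERE id=7 AND password BETWEEN CHR(32) AND CHR(79)",
    "1001 192.0.2.10 SELECT name FROM users WHERE id=7 AND password BETWEEN CHR(80) AND CHR(103)",
    "1002 198.51.100.7 SELECT id FROM orders WHERE created BETWEEN '2024-01-01' AND '2024-02-01'",
    "1002 192.0.2.10 SELECT name FROM users WHERE id=7 AND password BETWEEN CHR(104) AND CHR(115)",
    "1003 203.0.113.5 SELECT id FROM users WHERE password BETWEEN CHR(97) AND CHR(122)",
    "1003 192.0.2.10 SELECT name FROM users WHERE id=7 AND password BETWEEN CHR(104) AND CHR(109)",
    "1004 192.0.2.10 SELECT name FROM users WHERE id=7 AND password BETWEEN CHR(107) AND CHR(109)",
]

def find_range_probing(lines, min_probes=4, window=60):
    """Return {(client, column): n} where a client issued at least min_probes
    distinct range predicates on a sensitive column within window seconds."""
    seen = defaultdict(list)  # (client, column) -> [(timestamp, (lo, hi))]
    for line in lines:
        ts, client, stmt = line.split(" ", 2)
        for col, lo, hi in PRED.findall(stmt):
            if col.lower() in SENSITIVE:
                seen[(client, col.lower())].append((float(ts), (lo, hi)))
    alerts = {}
    for key, probes in seen.items():
        probes.sort()
        start = 0
        for end in range(len(probes)):
            # Slide the window so it spans at most `window` seconds.
            while probes[end][0] - probes[start][0] > window:
                start += 1
            distinct = {bounds for _, bounds in probes[start:end + 1]}
            if len(distinct) >= min_probes:
                alerts[key] = max(alerts.get(key, 0), len(distinct))
    return alerts

if __name__ == "__main__":
    for (client, col), n in find_range_probing(SAMPLE_LOG).items():
        print(f"{client}: {n} distinct range probes on '{col}'")
```

A legitimate date-range query and a single range predicate on the column stay below the threshold; only the client that keeps changing the bounds is reported.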