Skip to main content
Information Security

Return to Question

added 29 characters in body; edited title
Source Link
Anders
Anders
  • 65.9k
  • 25
  • 188
  • 227

Sql Injection on Postgresql SQL injection on PostgreSQL in integer field?

I was doing httpstrying https://server/shared/sendemail?sendto=" and got this response://server/shared/sendemail?sendto="

Database operation "0or1row" failed
(exception ERROR, "ERROR:  invalid input syntax for integer:"""
LINE 4:  where user_id = '"';
                     ^
")

    while executing
"ns_pg_bind 0or1row nsdb0 {
      select first_names, last_name 
      from cc_users
      where user_id = :sendto
    }"
    ("uplevel" body line 1)
    invoked from within
"uplevel $ulevel [list ns_pg_bind $type $db $sql]"
     ("postgresql" arm line 2)
     invoked from within
"switch $driverkey {
            oracle {
                return [uplevel $ulevel [list ns_ora $type $db $sql] $args]
            }
     ..."

And ifIf I put a random user_iduser ID as in https://server/shared/sendemail?sendto=999https://server/shared/sendemail?sendto=999 the server shows this message:

Query did not return any rows.
      while executing
"db_1row user_to_info { *SQL* }"
      ("uplevel" body line 22)
      invoked from within
"uplevel {
ad_page_contract {
      Sends an email to the user with user_id = sendto

My Questions is, it is exploitable? , someSome explanations of what is happening would be great .

Sql Injection on Postgresql on integer field

I was doing https://server/shared/sendemail?sendto="

Database operation "0or1row" failed
(exception ERROR, "ERROR:  invalid input syntax for integer:"""
LINE 4:  where user_id = '"';
                     ^
")

    while executing
"ns_pg_bind 0or1row nsdb0 {
      select first_names, last_name 
      from cc_users
      where user_id = :sendto
    }"
    ("uplevel" body line 1)
    invoked from within
"uplevel $ulevel [list ns_pg_bind $type $db $sql]"
     ("postgresql" arm line 2)
     invoked from within
"switch $driverkey {
            oracle {
                return [uplevel $ulevel [list ns_ora $type $db $sql] $args]
            }
     ..."

And if I put random user_id in https://server/shared/sendemail?sendto=999 the server shows this message

Query did not return any rows.
      while executing
"db_1row user_to_info { *SQL* }"
      ("uplevel" body line 22)
      invoked from within
"uplevel {
ad_page_contract {
      Sends an email to the user with user_id = sendto

My Questions is, it is exploitable? , some explanations of what is happening would be great

SQL injection on PostgreSQL in integer field?

I was trying https://server/shared/sendemail?sendto=" and got this response:

Database operation "0or1row" failed
(exception ERROR, "ERROR:  invalid input syntax for integer:"""
LINE 4:  where user_id = '"';
                     ^
")

    while executing
"ns_pg_bind 0or1row nsdb0 {
      select first_names, last_name 
      from cc_users
      where user_id = :sendto
    }"
    ("uplevel" body line 1)
    invoked from within
"uplevel $ulevel [list ns_pg_bind $type $db $sql]"
     ("postgresql" arm line 2)
     invoked from within
"switch $driverkey {
            oracle {
                return [uplevel $ulevel [list ns_ora $type $db $sql] $args]
            }
     ..."

If I put a random user ID as in https://server/shared/sendemail?sendto=999 the server shows this message:

Query did not return any rows.
      while executing
"db_1row user_to_info { *SQL* }"
      ("uplevel" body line 22)
      invoked from within
"uplevel {
ad_page_contract {
      Sends an email to the user with user_id = sendto

My Questions is, it is exploitable? Some explanations of what is happening would be great .

Source Link
Nemesius
Nemesius
  • 23
  • 3

Sql Injection on Postgresql on integer field

I was doing https://server/shared/sendemail?sendto="

Database operation "0or1row" failed
(exception ERROR, "ERROR:  invalid input syntax for integer:"""
LINE 4:  where user_id = '"';
                     ^
")

    while executing
"ns_pg_bind 0or1row nsdb0 {
      select first_names, last_name 
      from cc_users
      where user_id = :sendto
    }"
    ("uplevel" body line 1)
    invoked from within
"uplevel $ulevel [list ns_pg_bind $type $db $sql]"
     ("postgresql" arm line 2)
     invoked from within
"switch $driverkey {
            oracle {
                return [uplevel $ulevel [list ns_ora $type $db $sql] $args]
            }
     ..."

And if I put random user_id in https://server/shared/sendemail?sendto=999 the server shows this message

Query did not return any rows.
      while executing
"db_1row user_to_info { *SQL* }"
      ("uplevel" body line 22)
      invoked from within
"uplevel {
ad_page_contract {
      Sends an email to the user with user_id = sendto

My Questions is, it is exploitable? , some explanations of what is happening would be great