Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Web Application Security
Fwd: PHP Easter Eggs Nov 28 2004 01:21PM
Andi McLean (andi_mclean ntlworld com) (6 replies)
Re: PHP Easter Eggs Nov 30 2004 04:19AM
Serban Gh. Ghita (serban verasys ro)
Re: PHP Easter Eggs Nov 30 2004 04:12AM
Serban Gh. Ghita (serban verasys ro) (2 replies)
Re: PHP Easter Eggs Nov 30 2004 02:40AM
Harrison Gladden (hgladden gmail com) (4 replies)
Re: PHP Easter Eggs Dec 06 2004 09:45PM
Antonio Varni (antonio varni gmail com)
Re: PHP Easter Eggs Dec 06 2004 09:45PM
Antonio Varni (antonio varni gmail com)
RE: PHP Easter Eggs Nov 30 2004 07:39PM
V. Poddubnyy (vpoddubniy mail ru)
RE: PHP Easter Eggs Nov 30 2004 07:39PM
V. Poddubnyy (vpoddubniy mail ru)
Re: PHP Easter Eggs Nov 30 2004 02:40AM
Harrison Gladden (hgladden gmail com) (4 replies)
Re: PHP Easter Eggs Dec 06 2004 09:45PM
Antonio Varni (antonio varni gmail com)
Re: PHP Easter Eggs Dec 06 2004 09:45PM
Antonio Varni (antonio varni gmail com)
RE: PHP Easter Eggs Nov 30 2004 07:39PM
V. Poddubnyy (vpoddubniy mail ru)
RE: PHP Easter Eggs Nov 30 2004 07:39PM
V. Poddubnyy (vpoddubniy mail ru)
Re: Fwd: PHP Easter Eggs Nov 29 2004 08:54PM
Alexander Klimov (alserkli inbox ru)
Re: Fwd: PHP Easter Eggs Nov 29 2004 04:17PM
Saqib N Ali seagate com (2 replies)
Re: Fwd: PHP Easter Eggs Nov 30 2004 08:53AM
exon (exon home se) (2 replies)
Re: PHP Easter Eggs Nov 30 2004 06:24PM
Paul Fierro (pablo nothing com) (2 replies)
Re: PHP Easter Eggs Dec 02 2004 04:35AM
Jimi Thompson (jimi thompson gmail com) (4 replies)
SQL injection (no single quotes used) Dec 09 2004 03:53PM
Juan Carlos Calderon (johnccr yahoo com) (6 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 02:49AM
Olivier G. Gaumond (olig monimap com) (1 replies)
Juan Carlos Calderon wrote:
> Here the MS Documentation for GO Keyword:
> <snip>
> SQL Server utilities interpret GO as a signal that
> they should send the current batch of Transact-SQL
> statements to SQL Server. The current batch of
> statements is composed of all statements entered since
> the last GO, or since the start of the ad hoc session
> or script if this is the first GO
> </snip>

This may work in SQL Server utilities such as Query Analyzer, but the GO
keyword is not part of the T-SQL language, so this would not work in a
query sent by ADO. At least it doesn't work with the ADO.NET SqlClient
provider.

Olivier

[ reply ]
Re: SQL injection (no single quotes used) Dec 15 2004 04:50PM
Juan Carlos (johnccr yahoo com) (1 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 11:12PM
Brett Moore (brett moore security-assessment com)
Re: SQL injection (no single quotes used) Dec 15 2004 02:49AM
Olivier G. Gaumond (olig monimap com) (1 replies)
Juan Carlos Calderon wrote:<br/>
> Here the MS Documentation for GO Keyword:<br/>
> <snip><br/>
> SQL Server utilities interpret GO as a signal that<br/>
> they should send the current batch of Transact-SQL<br/>
> statements to SQL Server. The current batch of<br/>
> statements is composed of all statements entered since<br/>
> the last GO, or since the start of the ad hoc session<br/>
> or script if this is the first GO<br/>
> </snip><br/>
<br/>
This may work in SQL Server utilities such as Query Analyzer, but the GO <br/>
keyword is not part of the T-SQL language, so this would not work in a <br/>
query sent by ADO. At least it doesn't work with the ADO.NET SqlClient <br/>
provider.<br/>
<br/>
Olivier

[ reply ]
Re: SQL injection (no single quotes used) Dec 15 2004 04:50PM
Juan Carlos (johnccr yahoo com) (1 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 11:12PM
Brett Moore (brett moore security-assessment com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
SQL injection (no single quotes used) Dec 09 2004 03:53PM
Juan Carlos Calderon (johnccr yahoo com) (4 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
Re: PHP Easter Eggs Dec 02 2004 04:32PM
Griffiths, Ian (ian griffiths liv-coll ac uk)
Re: PHP Easter Eggs Dec 02 2004 04:32PM
Griffiths, Ian (ian griffiths liv-coll ac uk)
Re: PHP Easter Eggs Dec 02 2004 04:35AM
Jimi Thompson (jimi thompson gmail com) (4 replies)
SQL injection (no single quotes used) Dec 09 2004 03:53PM
Juan Carlos Calderon (johnccr yahoo com) (6 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 02:49AM
Olivier G. Gaumond (olig monimap com) (1 replies)
Juan Carlos Calderon wrote:<br/><br/>
> Here the MS Documentation for GO Keyword:<br/><br/>
> <snip><br/><br/>
> SQL Server utilities interpret GO as a signal that<br/><br/>
> they should send the current batch of Transact-SQL<br/><br/>
> statements to SQL Server. The current batch of<br/><br/>
> statements is composed of all statements entered since<br/><br/>
> the last GO, or since the start of the ad hoc session<br/><br/>
> or script if this is the first GO<br/><br/>
> </snip><br/><br/>
<br/><br/>
This may work in SQL Server utilities such as Query Analyzer, but the GO <br/><br/>
keyword is not part of the T-SQL language, so this would not work in a <br/><br/>
query sent by ADO. At least it doesn't work with the ADO.NET SqlClient <br/><br/>
provider.<br/><br/>
<br/><br/>
Olivier

[ reply ]
Re: SQL injection (no single quotes used) Dec 15 2004 04:50PM
Juan Carlos (johnccr yahoo com) (1 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 11:12PM
Brett Moore (brett moore security-assessment com)
Re: SQL injection (no single quotes used) Dec 15 2004 02:49AM
Olivier G. Gaumond (olig monimap com) (1 replies)
Juan Carlos Calderon wrote:<br/><br/><br/>
> Here the MS Documentation for GO Keyword:<br/><br/><br/>
> <snip><br/><br/><br/>
> SQL Server utilities interpret GO as a signal that<br/><br/><br/>
> they should send the current batch of Transact-SQL<br/><br/><br/>
> statements to SQL Server. The current batch of<br/><br/><br/>
> statements is composed of all statements entered since<br/><br/><br/>
> the last GO, or since the start of the ad hoc session<br/><br/><br/>
> or script if this is the first GO<br/><br/><br/>
> </snip><br/><br/><br/>
<br/><br/><br/>
This may work in SQL Server utilities such as Query Analyzer, but the GO <br/><br/><br/>
keyword is not part of the T-SQL language, so this would not work in a <br/><br/><br/>
query sent by ADO. At least it doesn't work with the ADO.NET SqlClient <br/><br/><br/>
provider.<br/><br/><br/>
<br/><br/><br/>
Olivier

[ reply ]
Re: SQL injection (no single quotes used) Dec 15 2004 04:50PM
Juan Carlos (johnccr yahoo com) (1 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 11:12PM
Brett Moore (brett moore security-assessment com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
SQL injection (no single quotes used) Dec 09 2004 03:53PM
Juan Carlos Calderon (johnccr yahoo com) (4 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
Re: PHP Easter Eggs Dec 02 2004 04:32PM
Griffiths, Ian (ian griffiths liv-coll ac uk)
Re: PHP Easter Eggs Dec 02 2004 04:32PM
Griffiths, Ian (ian griffiths liv-coll ac uk)
Re: PHP Easter Eggs Nov 30 2004 06:24PM
Paul Fierro (pablo nothing com) (2 replies)
Re: PHP Easter Eggs Dec 02 2004 04:35AM
Jimi Thompson (jimi thompson gmail com) (4 replies)
SQL injection (no single quotes used) Dec 09 2004 03:53PM
Juan Carlos Calderon (johnccr yahoo com) (6 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 02:49AM
Olivier G. Gaumond (olig monimap com) (1 replies)
Juan Carlos Calderon wrote:<br/><br/><br/><br/>
> Here the MS Documentation for GO Keyword:<br/><br/><br/><br/>
> <snip><br/><br/><br/><br/>
> SQL Server utilities interpret GO as a signal that<br/><br/><br/><br/>
> they should send the current batch of Transact-SQL<br/><br/><br/><br/>
> statements to SQL Server. The current batch of<br/><br/><br/><br/>
> statements is composed of all statements entered since<br/><br/><br/><br/>
> the last GO, or since the start of the ad hoc session<br/><br/><br/><br/>
> or script if this is the first GO<br/><br/><br/><br/>
> </snip><br/><br/><br/><br/>
<br/><br/><br/><br/>
This may work in SQL Server utilities such as Query Analyzer, but the GO <br/><br/><br/><br/>
keyword is not part of the T-SQL language, so this would not work in a <br/><br/><br/><br/>
query sent by ADO. At least it doesn't work with the ADO.NET SqlClient <br/><br/><br/><br/>
provider.<br/><br/><br/><br/>
<br/><br/><br/><br/>
Olivier

[ reply ]
Re: SQL injection (no single quotes used) Dec 15 2004 04:50PM
Juan Carlos (johnccr yahoo com) (1 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 11:12PM
Brett Moore (brett moore security-assessment com)
Re: SQL injection (no single quotes used) Dec 15 2004 02:49AM
Olivier G. Gaumond (olig monimap com) (1 replies)
Juan Carlos Calderon wrote:<br/><br/><br/><br/><br/>
> Here the MS Documentation for GO Keyword:<br/><br/><br/><br/><br/>
> <snip><br/><br/><br/><br/><br/>
> SQL Server utilities interpret GO as a signal that<br/><br/><br/><br/><br/>
> they should send the current batch of Transact-SQL<br/><br/><br/><br/><br/>
> statements to SQL Server. The current batch of<br/><br/><br/><br/><br/>
> statements is composed of all statements entered since<br/><br/><br/><br/><br/>
> the last GO, or since the start of the ad hoc session<br/><br/><br/><br/><br/>
> or script if this is the first GO<br/><br/><br/><br/><br/>
> </snip><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
This may work in SQL Server utilities such as Query Analyzer, but the GO <br/><br/><br/><br/><br/>
keyword is not part of the T-SQL language, so this would not work in a <br/><br/><br/><br/><br/>
query sent by ADO. At least it doesn't work with the ADO.NET SqlClient <br/><br/><br/><br/><br/>
provider.<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
Olivier

[ reply ]
Re: SQL injection (no single quotes used) Dec 15 2004 04:50PM
Juan Carlos (johnccr yahoo com) (1 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 11:12PM
Brett Moore (brett moore security-assessment com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
SQL injection (no single quotes used) Dec 09 2004 03:53PM
Juan Carlos Calderon (johnccr yahoo com) (4 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
Re: PHP Easter Eggs Dec 02 2004 04:32PM
Griffiths, Ian (ian griffiths liv-coll ac uk)
Re: PHP Easter Eggs Dec 02 2004 04:32PM
Griffiths, Ian (ian griffiths liv-coll ac uk)
Re: PHP Easter Eggs Dec 02 2004 04:35AM
Jimi Thompson (jimi thompson gmail com) (4 replies)
SQL injection (no single quotes used) Dec 09 2004 03:53PM
Juan Carlos Calderon (johnccr yahoo com) (6 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 02:49AM
Olivier G. Gaumond (olig monimap com) (1 replies)
Juan Carlos Calderon wrote:<br/><br/><br/><br/><br/><br/>
> Here the MS Documentation for GO Keyword:<br/><br/><br/><br/><br/><br/>
> <snip><br/><br/><br/><br/><br/><br/>

> SQL Server utilities interpret GO as a signal that<br/><br/><br/><br/><br/><br/>
> they should send the current batch of Transact-SQL<br/><br/><br/><br/><br/><br/>

> statements to SQL Server. The current batch of<br/><br/><br/><br/><br/><br/>
> statements is composed of all statements entered since<br/><br/><br/><br/><br/><br/>
> the last GO, or since the start of the ad hoc session<br/><br/><br/><br/><br/><br/>
> or script if this is the first GO<br/><br/><br/><br/><br/><br/>
> </snip><br/><br/><br/><br/><br/><br/
>
<br/><br/><br/><br/><br/><br/>
This may work in SQL Server utilities such as Query Analyzer, but the GO <br/><br/><br/><br/><br/><br/>
keyword is not part of the T-SQL language, so this would not work in a <br/><br/><br/><br/><br/><br/>
query sent by ADO. At least it doesn't work with the ADO.NET SqlClient <br/><br/><br/><br/><br/><br/>
provider.<br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
Olivier

[ reply ]
Re: SQL injection (no single quotes used) Dec 15 2004 04:50PM
Juan Carlos (johnccr yahoo com) (1 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 11:12PM
Brett Moore (brett moore security-assessment com)
Re: SQL injection (no single quotes used) Dec 15 2004 02:49AM
Olivier G. Gaumond (olig monimap com) (1 replies)
Juan Carlos Calderon wrote:<br/><br/><br/><br/><br/><br/>
<br/>
> Here the MS Documentation for GO Keyword:<br/><br/><br/><br/><br/><br/&g
t;<br/>
> <snip><br/><br/><br/><br/><br/><b
r/><br/>
<br/>
> SQL Server utilities interpret GO as a signal that<br/><br/><br/><br/><br/><br/><b
r/>
> they should send the current batch of Transact-SQL<br/><br/><br/><br/><br/><b
r/><br/>
<br/>
> statements to SQL Server. The current batch of<br/><br/><br/><br/><br/><br/><br/
>
> statements is composed of all statements entered since<br/><br/><br/><br/><br/><br/><
br/>
> the last GO, or since the start of the ad hoc session<br/><br/><br/><br/><br/><br/>
;<br/>
> or script if this is the first GO<br/><br/><br/><br/><br/><br/><br/
>
> </snip><br/><br/><br/><br/><br/><
br/<br/>
><br/>
<br/><br/><br/><br/><br/><br/><br/>
This may work in SQL Server utilities such as Query Analyzer, but the GO <br/><br/><br/><br/><br/><br/><br/>
keyword is not part of the T-SQL language, so this would not work in a <br/><br/><br/><br/><br/><br/><br/>
query sent by ADO. At least it doesn't work with the ADO.NET SqlClient <br/><br/><br/><br/><br/><br/><br/>
provider.<br/><br/><br/><br/><br/><br/&
gt;<br/>
<br/><br/><br/><br/><br/><br/><br/>
Olivier

[ reply ]
Re: SQL injection (no single quotes used) Dec 15 2004 04:50PM
Juan Carlos (johnccr yahoo com) (1 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 11:12PM
Brett Moore (brett moore security-assessment com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
SQL injection (no single quotes used) Dec 09 2004 03:53PM
Juan Carlos Calderon (johnccr yahoo com) (4 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
Re: PHP Easter Eggs Dec 02 2004 04:32PM
Griffiths, Ian (ian griffiths liv-coll ac uk)
Re: PHP Easter Eggs Dec 02 2004 04:32PM
Griffiths, Ian (ian griffiths liv-coll ac uk)
Re: Fwd: PHP Easter Eggs Nov 30 2004 08:53AM
exon (exon home se) (2 replies)
Re: PHP Easter Eggs Nov 30 2004 06:24PM
Paul Fierro (pablo nothing com) (2 replies)
Re: PHP Easter Eggs Dec 02 2004 04:35AM
Jimi Thompson (jimi thompson gmail com) (4 replies)
SQL injection (no single quotes used) Dec 09 2004 03:53PM
Juan Carlos Calderon (johnccr yahoo com) (6 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 02:49AM
Olivier G. Gaumond (olig monimap com) (1 replies)
Juan Carlos Calderon wrote:<br/><br/><br/><br/><br/><br/>
<br/>
<br/><br/>
> Here the MS Documentation for GO Keyword:<br/><br/><br/><br/><br/><br/&a
mp;g<br/>
t;<br/><br/>
> <snip><br/><br/><br/><br/><br/><b
<br/>
r/><br/><br/>
<br/><br/>
> SQL Server utilities interpret GO as a signal that<br/><br/><br/><br/><br/><br/>&l
t;b<br/>
r/><br/>
> they should send the current batch of Transact-SQL<br/><br/><br/><br/><br/><b
<br/>
r/><br/><br/>
<br/><br/>
> statements to SQL Server. The current batch of<br/><br/><br/><br/><br/><br/><
br/<br/>
><br/>
> statements is composed of all statements entered since<br/><br/><br/><br/><br/><br/>&
lt;<br/>
br/><br/>
> the last GO, or since the start of the ad hoc session<br/><br/><br/><br/><br/><br/>
;<br/>
;<br/><br/>
> or script if this is the first GO<br/><br/><br/><br/><br/><br/><
br/<br/>
><br/>
> </snip><br/><br/><br/><br/><br/><
<br/>
br/<br/><br/>
><br/><br/>
<br/><br/><br/><br/><br/><br/><br
/><br/>
This may work in SQL Server utilities such as Query Analyzer, but the GO <br/><br/><br/><br/><br/><br/><br
/><br/>
keyword is not part of the T-SQL language, so this would not work in a <br/><br/><br/><br/><br/><br/><br
/><br/>
query sent by ADO. At least it doesn't work with the ADO.NET SqlClient <br/><br/><br/><br/><br/><br/><br
/><br/>
provider.<br/><br/><br/><br/><br/><br/&
amp;<br/>
gt;<br/><br/>
<br/><br/><br/><br/><br/><br/><br
/><br/>
Olivier

[ reply ]
Re: SQL injection (no single quotes used) Dec 15 2004 04:50PM
Juan Carlos (johnccr yahoo com) (1 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 11:12PM
Brett Moore (brett moore security-assessment com)
Re: SQL injection (no single quotes used) Dec 15 2004 02:49AM
Olivier G. Gaumond (olig monimap com) (1 replies)
Juan Carlos Calderon wrote:<br/><br/><br/><br/><br/><br/>
<br/>
<br/><br/>
<br/><br/><br/>
> Here the MS Documentation for GO Keyword:<br/><br/><br/><br/><br/><br/&a
mp;a<br/>
mp;g<br/><br/>
t;<br/><br/><br/>
> <snip><br/><br/><br/><br/><br/><b
<br/>
<br/><br/>
r/><br/><br/><br/>
<br/><br/><br/>
> SQL Server utilities interpret GO as a signal that<br/><br/><br/><br/><br/><br/>&a
mp;l<br/>
t;b<br/><br/>
r/><br/><br/>
> they should send the current batch of Transact-SQL<br/><br/><br/><br/><br/><b
<br/>
<br/><br/>
r/><br/><br/><br/>
<br/><br/><br/>
> statements to SQL Server. The current batch of<br/><br/><br/><br/><br/><br/><
<br/>
br/<br/><br/>
><br/><br/>
> statements is composed of all statements entered since<br/><br/><br/><br/><br/><br/>&
amp;<br/>
lt;<br/><br/>
br/><br/><br/>
> the last GO, or since the start of the ad hoc session<br/><br/><br/><br/><br/><br/>
;<br/>
;<br/><br/>
;<br/><br/><br/>
> or script if this is the first GO<br/><br/><br/><br/><br/><br/><
<br/>
br/<br/><br/>
><br/><br/>
> </snip><br/><br/><br/><br/><br/><
<br/>
<br/><br/>
br/<br/><br/><br/>
><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br
<br/>
/><br/><br/>
This may work in SQL Server utilities such as Query Analyzer, but the GO <br/><br/><br/><br/><br/><br/><br
<br/>
/><br/><br/>
keyword is not part of the T-SQL language, so this would not work in a <br/><br/><br/><br/><br/><br/><br
<br/>
/><br/><br/>
query sent by ADO. At least it doesn't work with the ADO.NET SqlClient <br/><br/><br/><br/><br/><br/><br
<br/>
/><br/><br/>
provider.<br/><br/><br/><br/><br/><br/&
amp;<br/>
amp;<br/><br/>
gt;<br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br
<br/>
/><br/><br/>
Olivier

[ reply ]
Re: SQL injection (no single quotes used) Dec 15 2004 04:50PM
Juan Carlos (johnccr yahoo com) (1 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 11:12PM
Brett Moore (brett moore security-assessment com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
SQL injection (no single quotes used) Dec 09 2004 03:53PM
Juan Carlos Calderon (johnccr yahoo com) (4 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
Re: PHP Easter Eggs Dec 02 2004 04:32PM
Griffiths, Ian (ian griffiths liv-coll ac uk)
Re: PHP Easter Eggs Dec 02 2004 04:32PM
Griffiths, Ian (ian griffiths liv-coll ac uk)
Re: PHP Easter Eggs Dec 02 2004 04:35AM
Jimi Thompson (jimi thompson gmail com) (4 replies)
SQL injection (no single quotes used) Dec 09 2004 03:53PM
Juan Carlos Calderon (johnccr yahoo com) (6 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 02:49AM
Olivier G. Gaumond (olig monimap com) (1 replies)
Juan Carlos Calderon wrote:<br/><br/><br/><br/><br/><br/>
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
> Here the MS Documentation for GO Keyword:<br/><br/><br/><br/><br/><br/&a
mp;a<br/>
mp;a<br/><br/>
mp;g<br/><br/><br/>
t;<br/><br/><br/><br/>
> <snip><br/><br/><br/><br/><br/><b
<br/>
<br/><br/>
<br/><br/><br/>
r/><br/><br/><br/><br/>
<br/><br/><br/><br/>
> SQL Server utilities interpret GO as a signal that<br/><br/><br/><br/><br/><br/>&a
mp;a<br/>
mp;l<br/><br/>
t;b<br/><br/><br/>
r/><br/><br/><br/>
> they should send the current batch of Transact-SQL<br/><br/><br/><br/><br/><b
<br/>
<br/><br/>
<br/><br/><br/>
r/><br/><br/><br/><br/>
<br/><br/><br/><br/>
> statements to SQL Server. The current batch of<br/><br/><br/><br/><br/><br/><
<br/>
<br/><br/>
br/<br/><br/><br/>
><br/><br/><br/>
> statements is composed of all statements entered since<br/><br/><br/><br/><br/><br/>&
amp;<br/>
amp;<br/><br/>
lt;<br/><br/><br/>
br/><br/><br/><br/>
> the last GO, or since the start of the ad hoc session<br/><br/><br/><br/><br/><br/>
;<br/>
;<br/><br/>
;<br/><br/><br/>
;<br/><br/><br/><br/>
> or script if this is the first GO<br/><br/><br/><br/><br/><br/><
<br/>
<br/><br/>
br/<br/><br/><br/>
><br/><br/><br/>
> </snip><br/><br/><br/><br/><br/><
<br/>
<br/><br/>
<br/><br/><br/>
br/<br/><br/><br/><br/>
><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
/><br/><br/><br/>
This may work in SQL Server utilities such as Query Analyzer, but the GO <br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
/><br/><br/><br/>
keyword is not part of the T-SQL language, so this would not work in a <br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
/><br/><br/><br/>
query sent by ADO. At least it doesn't work with the ADO.NET SqlClient <br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
/><br/><br/><br/>
provider.<br/><br/><br/><br/><br/><br/&
amp;<br/>
amp;<br/><br/>
amp;<br/><br/><br/>
gt;<br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
/><br/><br/><br/>
Olivier

[ reply ]
Re: SQL injection (no single quotes used) Dec 15 2004 04:50PM
Juan Carlos (johnccr yahoo com) (1 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 11:12PM
Brett Moore (brett moore security-assessment com)
Re: SQL injection (no single quotes used) Dec 15 2004 02:49AM
Olivier G. Gaumond (olig monimap com) (1 replies)
Juan Carlos Calderon wrote:<br/><br/><br/><br/><br/><br/>
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
> Here the MS Documentation for GO Keyword:<br/><br/><br/><br/><br/><br/&a
mp;a<br/>
mp;a<br/><br/>
mp;a<br/><br/><br/>
mp;g<br/><br/><br/><br/>
t;<br/><br/><br/><br/><br/>
> <snip><br/><br/><br/><br/><br/><b
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
r/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
> SQL Server utilities interpret GO as a signal that<br/><br/><br/><br/><br/><br/>&a
mp;a<br/>
mp;a<br/><br/>
mp;l<br/><br/><br/>
t;b<br/><br/><br/><br/>
r/><br/><br/><br/><br/>
> they should send the current batch of Transact-SQL<br/><br/><br/><br/><br/><b
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
r/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
> statements to SQL Server. The current batch of<br/><br/><br/><br/><br/><br/><
<br/>
<br/><br/>
<br/><br/><br/>
br/<br/><br/><br/><br/>
><br/><br/><br/><br/>
> statements is composed of all statements entered since<br/><br/><br/><br/><br/><br/>&
amp;<br/>
amp;<br/><br/>
amp;<br/><br/><br/>
lt;<br/><br/><br/><br/>
br/><br/><br/><br/><br/>
> the last GO, or since the start of the ad hoc session<br/><br/><br/><br/><br/><br/>
;<br/>
;<br/><br/>
;<br/><br/><br/>
;<br/><br/><br/><br/>
;<br/><br/><br/><br/><br/>
> or script if this is the first GO<br/><br/><br/><br/><br/><br/><
<br/>
<br/><br/>
<br/><br/><br/>
br/<br/><br/><br/><br/>
><br/><br/><br/><br/>
> </snip><br/><br/><br/><br/><br/><
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
br/<br/><br/><br/><br/><br/>
><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
<br/><br/><br/>
/><br/><br/><br/><br/>
This may work in SQL Server utilities such as Query Analyzer, but the GO <br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
<br/><br/><br/>
/><br/><br/><br/><br/>
keyword is not part of the T-SQL language, so this would not work in a <br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
<br/><br/><br/>
/><br/><br/><br/><br/>
query sent by ADO. At least it doesn't work with the ADO.NET SqlClient <br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
<br/><br/><br/>
/><br/><br/><br/><br/>
provider.<br/><br/><br/><br/><br/><br/&
amp;<br/>
amp;<br/><br/>
amp;<br/><br/><br/>
amp;<br/><br/><br/><br/>
gt;<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
<br/><br/><br/>
/><br/><br/><br/><br/>
Olivier

[ reply ]
Re: SQL injection (no single quotes used) Dec 15 2004 04:50PM
Juan Carlos (johnccr yahoo com) (1 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 11:12PM
Brett Moore (brett moore security-assessment com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
SQL injection (no single quotes used) Dec 09 2004 03:53PM
Juan Carlos Calderon (johnccr yahoo com) (4 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
Re: PHP Easter Eggs Dec 02 2004 04:32PM
Griffiths, Ian (ian griffiths liv-coll ac uk)
Re: PHP Easter Eggs Dec 02 2004 04:32PM
Griffiths, Ian (ian griffiths liv-coll ac uk)
Re: PHP Easter Eggs Nov 30 2004 06:24PM
Paul Fierro (pablo nothing com) (2 replies)
Re: PHP Easter Eggs Dec 02 2004 04:35AM
Jimi Thompson (jimi thompson gmail com) (4 replies)
SQL injection (no single quotes used) Dec 09 2004 03:53PM
Juan Carlos Calderon (johnccr yahoo com) (6 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 02:49AM
Olivier G. Gaumond (olig monimap com) (1 replies)
Juan Carlos Calderon wrote:<br/><br/><br/><br/><br/><br/>
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
> Here the MS Documentation for GO Keyword:<br/><br/><br/><br/><br/><br/&a
mp;a<br/>
mp;a<br/><br/>
mp;a<br/><br/><br/>
mp;a<br/><br/><br/><br/>
mp;g<br/><br/><br/><br/><br/>
t;<br/><br/><br/><br/><br/><br/>
> <snip><br/><br/><br/><br/><br/><b
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
r/><br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
> SQL Server utilities interpret GO as a signal that<br/><br/><br/><br/><br/><br/>&a
mp;a<br/>
mp;a<br/><br/>
mp;a<br/><br/><br/>
mp;l<br/><br/><br/><br/>
t;b<br/><br/><br/><br/><br/>
r/><br/><br/><br/><br/><br/>
> they should send the current batch of Transact-SQL<br/><br/><br/><br/><br/><b
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
r/><br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
> statements to SQL Server. The current batch of<br/><br/><br/><br/><br/><br/><
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
br/<br/><br/><br/><br/><br/>
><br/><br/><br/><br/><br/>
> statements is composed of all statements entered since<br/><br/><br/><br/><br/><br/>&
amp;<br/>
amp;<br/><br/>
amp;<br/><br/><br/>
amp;<br/><br/><br/><br/>
lt;<br/><br/><br/><br/><br/>
br/><br/><br/><br/><br/><br/>
> the last GO, or since the start of the ad hoc session<br/><br/><br/><br/><br/><br/>
;<br/>
;<br/><br/>
;<br/><br/><br/>
;<br/><br/><br/><br/>
;<br/><br/><br/><br/><br/>
;<br/><br/><br/><br/><br/><br/>
> or script if this is the first GO<br/><br/><br/><br/><br/><br/><
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
br/<br/><br/><br/><br/><br/>
><br/><br/><br/><br/><br/>
> </snip><br/><br/><br/><br/><br/><
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
br/<br/><br/><br/><br/><br/><br/>
><br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
/><br/><br/><br/><br/><br/>
This may work in SQL Server utilities such as Query Analyzer, but the GO <br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
/><br/><br/><br/><br/><br/>
keyword is not part of the T-SQL language, so this would not work in a <br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
/><br/><br/><br/><br/><br/>
query sent by ADO. At least it doesn't work with the ADO.NET SqlClient <br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
/><br/><br/><br/><br/><br/>
provider.<br/><br/><br/><br/><br/><br/&
amp;<br/>
amp;<br/><br/>
amp;<br/><br/><br/>
amp;<br/><br/><br/><br/>
amp;<br/><br/><br/><br/><br/>
gt;<br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
/><br/><br/><br/><br/><br/>
Olivier

[ reply ]
Re: SQL injection (no single quotes used) Dec 15 2004 04:50PM
Juan Carlos (johnccr yahoo com) (1 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 11:12PM
Brett Moore (brett moore security-assessment com)
Re: SQL injection (no single quotes used) Dec 15 2004 02:49AM
Olivier G. Gaumond (olig monimap com) (1 replies)
Juan Carlos Calderon wrote:<br/><br/><br/><br/><br/><br/>
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br/>
> Here the MS Documentation for GO Keyword:<br/><br/><br/><br/><br/><br/&a
mp;a<br/>
mp;a<br/><br/>
mp;a<br/><br/><br/>
mp;a<br/><br/><br/><br/>
mp;a<br/><br/><br/><br/><br/>
mp;g<br/><br/><br/><br/><br/><br/>
t;<br/><br/><br/><br/><br/><br/><br/
>
> <snip><br/><br/><br/><br/><br/><b
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
r/><br/><br/><br/><br/><br/><br/>
<br/>
<br/><br/><br/><br/><br/><br/><br/>
> SQL Server utilities interpret GO as a signal that<br/><br/><br/><br/><br/><br/>&a
mp;a<br/>
mp;a<br/><br/>
mp;a<br/><br/><br/>
mp;a<br/><br/><br/><br/>
mp;l<br/><br/><br/><br/><br/>
t;b<br/><br/><br/><br/><br/><br/>
r/><br/><br/><br/><br/><br/><br/>
> they should send the current batch of Transact-SQL<br/><br/><br/><br/><br/><b
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
r/><br/><br/><br/><br/><br/><br/>
<br/>
<br/><br/><br/><br/><br/><br/><br/>
> statements to SQL Server. The current batch of<br/><br/><br/><br/><br/><br/><
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
br/<br/><br/><br/><br/><br/><br/>
><br/><br/><br/><br/><br/><br/>
> statements is composed of all statements entered since<br/><br/><br/><br/><br/><br/>&
amp;<br/>
amp;<br/><br/>
amp;<br/><br/><br/>
amp;<br/><br/><br/><br/>
amp;<br/><br/><br/><br/><br/>
lt;<br/><br/><br/><br/><br/><br/>
br/><br/><br/><br/><br/><br/><br/>
> the last GO, or since the start of the ad hoc session<br/><br/><br/><br/><br/><br/>
;<br/>
;<br/><br/>
;<br/><br/><br/>
;<br/><br/><br/><br/>
;<br/><br/><br/><br/><br/>
;<br/><br/><br/><br/><br/><br/>
;<br/><br/><br/><br/><br/><br/><br/>

> or script if this is the first GO<br/><br/><br/><br/><br/><br/><
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
br/<br/><br/><br/><br/><br/><br/>
><br/><br/><br/><br/><br/><br/>
> </snip><br/><br/><br/><br/><br/><
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
br/<br/><br/><br/><br/><br/><br/><br
/>
><br/><br/><br/><br/><br/><br/><b
r/>
<br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
/><br/><br/><br/><br/><br/><br/>
This may work in SQL Server utilities such as Query Analyzer, but the GO <br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
/><br/><br/><br/><br/><br/><br/>
keyword is not part of the T-SQL language, so this would not work in a <br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
/><br/><br/><br/><br/><br/><br/>
query sent by ADO. At least it doesn't work with the ADO.NET SqlClient <br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
/><br/><br/><br/><br/><br/><br/>
provider.<br/><br/><br/><br/><br/><br/&
amp;<br/>
amp;<br/><br/>
amp;<br/><br/><br/>
amp;<br/><br/><br/><br/>
amp;<br/><br/><br/><br/><br/>
amp;<br/><br/><br/><br/><br/><br/>
gt;<br/><br/><br/><br/><br/><br/><br
/>
<br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
/><br/><br/><br/><br/><br/><br/>
Olivier

[ reply ]
Re: SQL injection (no single quotes used) Dec 15 2004 04:50PM
Juan Carlos (johnccr yahoo com) (1 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 11:12PM
Brett Moore (brett moore security-assessment com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
SQL injection (no single quotes used) Dec 09 2004 03:53PM
Juan Carlos Calderon (johnccr yahoo com) (4 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
Re: PHP Easter Eggs Dec 02 2004 04:32PM
Griffiths, Ian (ian griffiths liv-coll ac uk)
Re: PHP Easter Eggs Dec 02 2004 04:32PM
Griffiths, Ian (ian griffiths liv-coll ac uk)
Re: PHP Easter Eggs Dec 02 2004 04:35AM
Jimi Thompson (jimi thompson gmail com) (4 replies)
SQL injection (no single quotes used) Dec 09 2004 03:53PM
Juan Carlos Calderon (johnccr yahoo com) (6 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 02:49AM
Olivier G. Gaumond (olig monimap com) (1 replies)
Juan Carlos Calderon wrote:<br/><br/><br/><br/><br/><br/>
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br
/><br/>
> Here the MS Documentation for GO Keyword:<br/><br/><br/><br/><br/><br/&a
mp;a<br/>
mp;a<br/><br/>
mp;a<br/><br/><br/>
mp;a<br/><br/><br/><br/>
mp;a<br/><br/><br/><br/><br/>
mp;a<br/><br/><br/><br/><br/><br/>
mp;g<br/><br/><br/><br/><br/><br/><b
r/>
t;<br/><br/><br/><br/><br/><br/><
br/<br/>
><br/>
> <snip><br/><br/><br/><br/><br/><b
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br/>
r/><br/><br/><br/><br/><br/><br/>
<br/>
<br/><br/>
<br/><br/><br/><br/><br/><br/><br
/><br/>
> SQL Server utilities interpret GO as a signal that<br/><br/><br/><br/><br/><br/>&a
mp;a<br/>
mp;a<br/><br/>
mp;a<br/><br/><br/>
mp;a<br/><br/><br/><br/>
mp;a<br/><br/><br/><br/><br/>
mp;l<br/><br/><br/><br/><br/><br/>
t;b<br/><br/><br/><br/><br/><br/><br
/>
r/><br/><br/><br/><br/><br/><br/>
<br/>
> they should send the current batch of Transact-SQL<br/><br/><br/><br/><br/><b
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br/>
r/><br/><br/><br/><br/><br/><br/>
<br/>
<br/><br/>
<br/><br/><br/><br/><br/><br/><br
/><br/>
> statements to SQL Server. The current batch of<br/><br/><br/><br/><br/><br/><
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
br/<br/><br/><br/><br/><br/><br/><br
/>
><br/><br/><br/><br/><br/><br/><b
r/>
> statements is composed of all statements entered since<br/><br/><br/><br/><br/><br/>&
amp;<br/>
amp;<br/><br/>
amp;<br/><br/><br/>
amp;<br/><br/><br/><br/>
amp;<br/><br/><br/><br/><br/>
amp;<br/><br/><br/><br/><br/><br/>
lt;<br/><br/><br/><br/><br/><br/><br
/>
br/><br/><br/><br/><br/><br/><br/>
;<br/>
> the last GO, or since the start of the ad hoc session<br/><br/><br/><br/><br/><br/>
;<br/>
;<br/><br/>
;<br/><br/><br/>
;<br/><br/><br/><br/>
;<br/><br/><br/><br/><br/>
;<br/><br/><br/><br/><br/><br/>
;<br/><br/><br/><br/><br/><br/><br/>

;<br/><br/><br/><br/><br/><br/><b
r/><br/>
<br/>
> or script if this is the first GO<br/><br/><br/><br/><br/><br/><
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
br/<br/><br/><br/><br/><br/><br/><br
/>
><br/><br/><br/><br/><br/><br/><b
r/>
> </snip><br/><br/><br/><br/><br/><
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br/>
br/<br/><br/><br/><br/><br/><br/><
;br<br/>
/><br/>
><br/><br/><br/><br/><br/><br/>&l
t;b<br/>
r/><br/>
<br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
/><br/><br/><br/><br/><br/><br/><
br/>
This may work in SQL Server utilities such as Query Analyzer, but the GO <br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
/><br/><br/><br/><br/><br/><br/><
br/>
keyword is not part of the T-SQL language, so this would not work in a <br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
/><br/><br/><br/><br/><br/><br/><
br/>
query sent by ADO. At least it doesn't work with the ADO.NET SqlClient <br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
/><br/><br/><br/><br/><br/><br/><
br/>
provider.<br/><br/><br/><br/><br/><br/&
amp;<br/>
amp;<br/><br/>
amp;<br/><br/><br/>
amp;<br/><br/><br/><br/>
amp;<br/><br/><br/><br/><br/>
amp;<br/><br/><br/><br/><br/><br/>
amp;<br/><br/><br/><br/><br/><br/><b
r/>
gt;<br/><br/><br/><br/><br/><br/><
;br<br/>
/><br/>
<br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
/><br/><br/><br/><br/><br/><br/><
br/>
Olivier

[ reply ]
Re: SQL injection (no single quotes used) Dec 15 2004 04:50PM
Juan Carlos (johnccr yahoo com) (1 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 11:12PM
Brett Moore (brett moore security-assessment com)
Re: SQL injection (no single quotes used) Dec 15 2004 02:49AM
Olivier G. Gaumond (olig monimap com) (1 replies)
Juan Carlos Calderon wrote:<br/><br/><br/><br/><br/><br/>
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br
/><br/>
<br/><br/><br/><br/><br/><br/><br
<br/>
/><br/><br/>
> Here the MS Documentation for GO Keyword:<br/><br/><br/><br/><br/><br/&a
mp;a<br/>
mp;a<br/><br/>
mp;a<br/><br/><br/>
mp;a<br/><br/><br/><br/>
mp;a<br/><br/><br/><br/><br/>
mp;a<br/><br/><br/><br/><br/><br/>
mp;a<br/><br/><br/><br/><br/><br/><b
r/>
mp;g<br/><br/><br/><br/><br/><br/>&l
t;b<br/>
r/><br/>
t;<br/><br/><br/><br/><br/><br/><
<br/>
br/<br/><br/>
><br/><br/>
> <snip><br/><br/><br/><br/><br/><b
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br
/><br/>
r/><br/><br/><br/><br/><br/><br/>
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br
<br/>
/><br/><br/>
> SQL Server utilities interpret GO as a signal that<br/><br/><br/><br/><br/><br/>&a
mp;a<br/>
mp;a<br/><br/>
mp;a<br/><br/><br/>
mp;a<br/><br/><br/><br/>
mp;a<br/><br/><br/><br/><br/>
mp;a<br/><br/><br/><br/><br/><br/>
mp;l<br/><br/><br/><br/><br/><br/><b
r/>
t;b<br/><br/><br/><br/><br/><br/><
;br<br/>
/><br/>
r/><br/><br/><br/><br/><br/><br/>
<br/>
<br/><br/>
> they should send the current batch of Transact-SQL<br/><br/><br/><br/><br/><b
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br
/><br/>
r/><br/><br/><br/><br/><br/><br/>
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br
<br/>
/><br/><br/>
> statements to SQL Server. The current batch of<br/><br/><br/><br/><br/><br/><
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br/>
br/<br/><br/><br/><br/><br/><br/><
;br<br/>
/><br/>
><br/><br/><br/><br/><br/><br/>&l
t;b<br/>
r/><br/>
> statements is composed of all statements entered since<br/><br/><br/><br/><br/><br/>&
amp;<br/>
amp;<br/><br/>
amp;<br/><br/><br/>
amp;<br/><br/><br/><br/>
amp;<br/><br/><br/><br/><br/>
amp;<br/><br/><br/><br/><br/><br/>
amp;<br/><br/><br/><br/><br/><br/><b
r/>
lt;<br/><br/><br/><br/><br/><br/><
;br<br/>
/><br/>
br/><br/><br/><br/><br/><br/><br/>
;<br/>
;<br/><br/>
> the last GO, or since the start of the ad hoc session<br/><br/><br/><br/><br/><br/>
;<br/>
;<br/><br/>
;<br/><br/><br/>
;<br/><br/><br/><br/>
;<br/><br/><br/><br/><br/>
;<br/><br/><br/><br/><br/><br/>
;<br/><br/><br/><br/><br/><br/><br/>

;<br/><br/><br/><br/><br/><br/><b
r/><br/>
<br/>
;<br/><br/><br/><br/><br/><br/><b
<br/>
r/><br/><br/>
<br/><br/>
> or script if this is the first GO<br/><br/><br/><br/><br/><br/><
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br/>
br/<br/><br/><br/><br/><br/><br/><
;br<br/>
/><br/>
><br/><br/><br/><br/><br/><br/>&l
t;b<br/>
r/><br/>
> </snip><br/><br/><br/><br/><br/><
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br
/><br/>
br/<br/><br/><br/><br/><br/><br/><
;<br/>
;br<br/><br/>
/><br/><br/>
><br/><br/><br/><br/><br/><br/>&a
mp;l<br/>
t;b<br/><br/>
r/><br/><br/>
<br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br/>
/><br/><br/><br/><br/><br/><br/>&
lt;<br/>
br/><br/>
This may work in SQL Server utilities such as Query Analyzer, but the GO <br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br/>
/><br/><br/><br/><br/><br/><br/>&
lt;<br/>
br/><br/>
keyword is not part of the T-SQL language, so this would not work in a <br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br/>
/><br/><br/><br/><br/><br/><br/>&
lt;<br/>
br/><br/>
query sent by ADO. At least it doesn't work with the ADO.NET SqlClient <br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br/>
/><br/><br/><br/><br/><br/><br/>&
lt;<br/>
br/><br/>
provider.<br/><br/><br/><br/><br/><br/&
amp;<br/>
amp;<br/><br/>
amp;<br/><br/><br/>
amp;<br/><br/><br/><br/>
amp;<br/><br/><br/><br/><br/>
amp;<br/><br/><br/><br/><br/><br/>
amp;<br/><br/><br/><br/><br/><br/><b
r/>
amp;<br/><br/><br/><br/><br/><br/>&l
t;b<br/>
r/><br/>
gt;<br/><br/><br/><br/><br/><br/><
;<br/>
;br<br/><br/>
/><br/><br/>
<br/><br/><br/><br/><br/><br/><br
<br/>
<br/><br/>
<br/><br/><br/>
<br/><br/><br/><br/>
<br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br/>
/><br/><br/><br/><br/><br/><br/>&
lt;<br/>
br/><br/>
Olivier

[ reply ]
Re: SQL injection (no single quotes used) Dec 15 2004 04:50PM
Juan Carlos (johnccr yahoo com) (1 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 11:12PM
Brett Moore (brett moore security-assessment com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
SQL injection (no single quotes used) Dec 09 2004 03:53PM
Juan Carlos Calderon (johnccr yahoo com) (4 replies)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
RE: SQL injection (no single quotes used) Dec 15 2004 10:25AM
Mutallip Ablimit (mutax insi co jp) (2 replies)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 15 2004 11:20PM
PD9 Software (info pd9soft com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
Re: SQL injection (no single quotes used) Dec 14 2004 07:30PM
Adam Tuliper (amt gecko-software com)
Re: PHP Easter Eggs Dec 02 2004 04:32PM
Griffiths, Ian (ian griffiths liv-coll ac uk)
Re: PHP Easter Eggs Dec 02 2004 04:32PM
Griffiths, Ian (ian griffiths liv-coll ac uk)
Re: PHP Easter Eggs Nov 29 2004 04:04PM
Griffiths, Ian (ian griffiths liv-coll ac uk)
Re: Fwd: PHP Easter Eggs Nov 29 2004 03:43PM
Astarna (mailing astarna com)







 

Privacy Statement
Copyright 2009, SecurityFocus