[OWASP-WEBGOAT]Problem with "Perform a blind SQL Injection"
Bruce Mayhew
bruce.mayhew at aspectsecurity.com
Fri Dec 9 15:09:37 EST 2005
David
This is most likely a problem with the enhydra DB we use for Linux. I'll
try to get the fix for this in the patch release which should be released
soon. Unfortunately, this one is a bug.
Bruce.
----- Original Message -----
From: "David Echarri" <davidecharri at yahoo.es>
To: <owasp-webgoat at lists.sourceforge.net>
Sent: Friday, December 09, 2005 11:50 AM
Subject: [OWASP-WEBGOAT]Problem with "Perform a blind SQL Injection"
> Hi everyone!
>
> I've installed WebGoat 3.7 under Linux, and found a
> problem when doing the test "How to perform Blind SQL
> Injection".
>
> The screen WebGoat presents to me always says "An
> error ocurred, please try again", which is given when
> an SQL Exception has been thrown.
>
> The log file has several entry like the following one:
>
> http-80-Processor25 SELECT TOP 1 first_name FROM
> user_data WHERE userid = 15613
> Don't understand SQL after: "SELECT"
> Expected: "INTO" found: "first_name"
>
> If anyone could give me a hint on how to solve the
> problem,
> I would greatly appreciate it!
>
> Greetings,
>
> David Echarri
>
>
>
> ______________________________________________
> Renovamos el Correo Yahoo!
> Nuevos servicios, más seguridad
> http://correo.yahoo.es
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> files
> for problems? Stop! Download the new AJAX search engine that makes
> searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
> _______________________________________________
> OWASP-WEBGOAT mailing list
> OWASP-WEBGOAT at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owasp-webgoat
>
More information about the Owasp-webgoat
mailing list