the-web-application-hackers-handbook

Chapter 9 n Attacking Data Stores 337
Oracle: ORA-00972:identifier is too long
MS-SQL: String or binary data would be truncated.
MySQL: N/A
Translation: This does not indicate SQL injection. You may see this error message
if you have entered a long string. You’re unlikely to get a buffer overflow
here either, because the database is handling your input safely.
Oracle: ORA-00942: table or view does not exist
MS-SQL: Msg 208, Level 16, State 1, Line 1
Invalid object name ‘foo’
MySQL: Table ‘DBNAME.SOMETABLE’ doesn’t exist
Translation: Either you are trying to access a table or view that does not exist, or,
in the case of Oracle, the database user does not have privileges for
the table or view. Test your query against a table you know you have
access to, such as DUAL. MySQL should helpfully reveal the current
database schema DBNAME when this condition is encountered.
Oracle: ORA-00920: invalid relational operator
MS-SQL: Msg 170, Level 15, State 1, Line 1
Line 1: Incorrect syntax near foo
MySQL:
Translation:
You have an error in your SQL syntax. Check the
manual that corresponds to your MySQL server version
for the right syntax to use near ‘’ at line 1
You were probably altering something in a WHERE clause, and your
SQL injection attempt has disrupted the grammar.
Oracle:
MS-SQL:
MySQL:
Translation:
ORA-00907: missing right parenthesis
N/A
You have an error in your SQL syntax. Check the
manual that corresponds to your MySQL server version
for the right syntax to use near ‘’ at line 1
Your SQL injection attempt has worked, but the injection point was
inside parentheses. You probably commented out the closing parenthesis
with injected comment characters (--).
Continued