Attack Alert :: Database Enumeration

Attackers can enumerate through errors to discover table composition
/user_detail.php?id=345

        345 GROUP BY id
      

Warning: pg_query(): Query failed: ERROR: column "user.username" must appear in the GROUP BY clause or be used in an aggregate function in /path/to/user_detail.php on line 17

        345 GROUP BY username
      

Warning: pg_query(): Query failed: ERROR: column "user.description" must appear in the GROUP BY clause or be used in an aggregate function in /path/to/user_detail.php on line 17

Penguicon 2006

PHP Aplication Security

Attack Alert :: Database Enumeration

Attack Alert :: Database Enumeration