MS SQL injection

From: Mike Klingler (whitehatguru@gmail.com)
Date: Thu Sep 21 2006 - 10:02:52 EDT

• Next message: Machiavel: "Re: Pen-Testing Smoothwall FireWall"
• Previous message: Maxime Ducharme: "RE: Papers prior to pen-test"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Colleagues,
    I have a basic understanding of sql injection for ms sql, but on
this recent pen test the methods I have used in the past aren't
cutting it.

I was able to enumerate the table name and columns utilizing the '
having 1=1;-- and ' group by x,x,x,x having 1=1;--, but once I got all
of the column names on the group by list it issued the following error
instead of returning without an error. "Microsoft][ODBC SQL Server
Driver][SQL Server]Unclosed quotation mark before the character string
' '." Any ideas on what I need me to do to overcome this problem?

Thanks guys

-- 
Michael Klingler, CISSP
SecurityMetrics Penetration Tester
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

• Next message: Machiavel: "Re: Pen-Testing Smoothwall FireWall"
• Previous message: Maxime Ducharme: "RE: Papers prior to pen-test"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:59 EDT