Re: Missing Operator SQL

From: Thor (Hammer of God) (thor@hammerofgod.com)
Date: Wed Jun 06 2007 - 10:22:18 EDT


The "JET Database" tells you that you are working with MS JET, not MS SQL
(as in Access). You need to use MS Jet syntax for your SQL.

t

----- Original Message -----
From: "DokFLeed" <dokfleed@dokfleed.net>
To: <pen-test@securityfocus.com>
Sent: Tuesday, June 05, 2007 2:48 AM
Subject: Missing Operator SQL

> Howdy
> I am testing this local application, not really a big fan of ASP so any =
> help is welcome
>
> http://localhost/account.asp?ID=3D12';Exec master..xp_cmdshell 'dir
>
> Microsoft JET Database Engine error '80040e14'
> Syntax error (missing operator) in query expression 'D.xID=3D12';EXEC =
> master..xp_cmdshell 'dir'.
>
>
> What is the missing operator for ?
>
>
> Cheers,
> Dok
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Are you using SPI, Watchfire or WhiteHat?
> Consider getting clear vision with Cenzic
> See HOW Now with our 20/20 program!
>
> http://www.cenzic.com/c/2020
> ------------------------------------------------------------------------
>
>
>

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:52 EDT