From: Cedric Foll (cedric.foll@ac-rouen.fr)
Date: Mon Sep 26 2005 - 10:00:48 EDT
Hi,
I'm doing a pen test on a IIS/MS SQL box and find a SQL Injection on it
which permit to execute some SQL command on it.
In fact I have a "select" where I can inject an "UNION something".
I'd like to use that in order to get login/passwd in the database.
I can do:
<somethin.asp?page=contact' UNION SELECT * FROM users WHERE '1'='1>
But the table users doesn't exist and I failed to guess an existing
table name :(.
I've tried:
<something.asp?page=contact' UNION SELECT * FROM MSysObjects'>
but I get
---- Microsoft OLE DB Provider for ODBC Drivers error '80040e09' [Microsoft][ODBC Microsoft Access Driver] Record(s) cannot be read; no read permission on 'MSysObjects'. ---- Someone has an idea ???? Regards -- Cedric Foll Ingénieur Sécurité & Réseaux Division Informatique, Rectorat de Rouen "More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk." Bruce Schneier ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:00 EDT