From: Cedric Foll (cedric.foll@ac-rouen.fr)
Date: Tue Sep 27 2005 - 11:10:04 EDT
Cedric Foll a écrit :
> Hi,
>
> I'm doing a pen test on a IIS/MS SQL box and find a SQL Injection on it
> which permit to execute some SQL command on it.
Sorry did a mistake. It's a MS Access database behind.
BTW, is it possible to list tables ?
Which tables or procedure are by default in a MS Access databases ?
Regards.
-- Cedric Foll Ingénieur Sécurité & Réseaux Division Informatique, Rectorat de Rouen "More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk." Bruce Schneier ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:00 EDT