Re: MS SQL, find list of tables

From: Bernhard Mueller (research@sec-consult.com)
Date: Tue Sep 27 2005 - 11:17:35 EDT

• Next message: Michael Gargiullo: "RE: oracle VA/PT"
• Previous message: mikem@tridigitalenterprises.com: "Ballpark figures on a PBX assessment"
• In reply to: Cedric Foll: "MS SQL, find list of tables"
• Next in thread: LAROUCHE Francois: "RE: MS SQL, find list of tables"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

MSDN has a complete list of mssql system tables:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/tsqlref/ts_sys_00_690z.asp

normally "SELECT name FROM sysobjects" should do the job, as every
database has it's own sysobjects table.

good luck ;)

Cedric Foll wrote:
> Hi,
>
> I'm doing a pen test on a IIS/MS SQL box and find a SQL Injection on it
> which permit to execute some SQL command on it.
>
> In fact I have a "select" where I can inject an "UNION something".
> I'd like to use that in order to get login/passwd in the database.
>
> I can do:
> <somethin.asp?page=contact' UNION SELECT * FROM users WHERE '1'='1>
> But the table users doesn't exist and I failed to guess an existing
> table name :(.
>
> I've tried:
> <something.asp?page=contact' UNION SELECT * FROM MSysObjects'>
> but I get
> ----
> Microsoft OLE DB Provider for ODBC Drivers error '80040e09'
>
> [Microsoft][ODBC Microsoft Access Driver] Record(s) cannot be read; no
> read permission on 'MSysObjects'.
> ----
>
> Someone has an idea ????
>
> Regards
>

-- 
_____________________________________________________
~  DI (FH) Bernhard Mueller
~  IT Security Consultant
~  SEC-Consult Unternehmensberatung GmbH
~  www.sec-consult.com
~  A-1080 Wien  Blindengasse 3
~  Tel:   +43/676/840301718
~  Fax:   +43/(0)1/4090307-590
______________________________________________________
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Michael Gargiullo: "RE: oracle VA/PT"
• Previous message: mikem@tridigitalenterprises.com: "Ballpark figures on a PBX assessment"
• In reply to: Cedric Foll: "MS SQL, find list of tables"
• Next in thread: LAROUCHE Francois: "RE: MS SQL, find list of tables"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:00 EDT