MSDN has a complete list of mssql system tables:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/tsqlref/ts_sys_00_690z.asp
normally "SELECT name FROM sysobjects" should do the job, as every
database has it's own sysobjects table.
good luck ;)
Cedric Foll wrote:
Hi,
I'm doing a pen test on a IIS/MS SQL box and find a SQL Injection on it
which permit to execute some SQL command on it.
In fact I have a "select" where I can inject an "UNION something".
I'd like to use that in order to get login/passwd in the database.
I can do:
<somethin.asp?page=contact' UNION SELECT * FROM users WHERE '1'='1>
But the table users doesn't exist and I failed to guess an existing
table name :(.
I've tried:
<something.asp?page=contact' UNION SELECT * FROM MSysObjects'>
but I get
----
Microsoft OLE DB Provider for ODBC Drivers error '80040e09'
[Microsoft][ODBC Microsoft Access Driver] Record(s) cannot be read; no
read permission on 'MSysObjects'.
----
Someone has an idea ????
Regards
--
_____________________________________________________
~ DI (FH) Bernhard Mueller
~ IT Security Consultant
~ SEC-Consult Unternehmensberatung GmbH
~ www.sec-consult.com
~ A-1080 Wien Blindengasse 3
~ Tel: +43/676/840301718
~ Fax: +43/(0)1/4090307-590
______________________________________________________
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
