Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: MS SQL, find list of tables

from [Velasco Herrero, Jose Antonio] Network Security [Permanent Link]
Subject: RE: MS SQL, find list of tables
Date: Tue, 27 Sep 2005 17:35:55 +0200 
Did you try something like this?

<somethin.asp?page= 'UNION ALL SELECT name FROM sysobjects WHERE xtype='U

AFAIK MSysObjects is not an MS SQL Server table but an Access one.

I hope this helps

Jose


-----Mensaje original-----
De: Cedric Foll [mailto:cedric.foll@ac-rouen.fr]
Enviado el: lunes, 26 de septiembre de 2005 16:01
Para: pen-test@securityfocus.com
Asunto: MS SQL, find list of tables

Hi,

I'm doing a pen test on a IIS/MS SQL box and find a SQL Injection on it
which permit to execute some SQL command on it.

In fact I have a "select" where I can inject an "UNION something".
I'd like to use that in order to get login/passwd in the database.

I can do:
<somethin.asp?page=contact' UNION SELECT * FROM users WHERE '1'='1>
But the table users doesn't exist and I failed to guess an existing
table name :(.

I've tried:
<something.asp?page=contact' UNION SELECT * FROM MSysObjects'>
but I get
----
Microsoft OLE DB Provider for ODBC Drivers error '80040e09'

[Microsoft][ODBC Microsoft Access Driver] Record(s) cannot be read; no
read permission on 'MSysObjects'.
----

Someone has an idea ????

Regards

--
Cedric Foll
Ingénieur Sécurité & Réseaux
Division Informatique, Rectorat de Rouen

"More people are killed every year by pigs than by sharks,
which shows you how good we are at evaluating risk."
Bruce Schneier

--------------------------------------------------------------------------
----
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before
hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
--------------------------------------------------------------------------
-----




--------------------------------------------------------------------------------
INFORMACION IMPORTANTE - IMPORTANT NEWS
--------------------------------------------------------------------------------
A partir del 12 de septiembre de 2005,  nuestras oficinas de Avda. Llano 
Castellano y Capitán Haya en Madrid, se trasladan a:
As from September 12, 2005, our offices in:  Avda. Llano Castellano and Capitán 
Haya (Madrid) are moving to a new address:

------ Calle Orduña, 2 - 28034 Madrid ------

Nuestros números de teléfono y de fax así como nuestras direcciones de correo 
electrónico permanecen sin cambios.
Our telephone and fax numbers as well as our e-mail addresses remain the same.
----------------------------------------
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
This e-mail may contain confidential or privileged information. Any unauthorised
copying, use or distribution of this information is strictly prohibited. If you 
are not the
intended recipient, please notify the sender and destroy this e-mail together 
with all of
its content.
--------------------------------------------------------------------------------
Este mensaje electrónico puede contener información confidencial o 
privilegiada, por lo
que está completamente prohibida la copia, el uso o la distribución no 
autorizada de
dicha información. Si usted no es el destinatario del mensaje, le rogamos que lo
notifique al remitente y que lo destruya junto con todo su contenido.
--------------------------------------------------------------------------------
Aquest missatge electrònic pot contenir informació confidencial o privilegiada 
i està
completament prohibida qualsevol còpia, ús o distribució no autoritzada 
d'aquesta
informació. Si vostè no és el seu destinatari, si us plau notifiqui-ho al 
remitent i
destrueixi el missatge amb tot el seu contingut.
--------------------------------------------------------------------------------
Mezu elektroniko honek informazio konfidentziala edo pribilegiatua eduki dezake.
Erabat debekaturik dago informazio hori baimenik gabe kopiatu, erabili edo 
banatzea.
Mezu hau ez bada zuri zuzendua, arren, igortzaileari jakinarazi eta bere 
edukiarekin
batera ezaba ezazu.
--------------------------------------------------------------------------------
Esta mensaxe electrónica pode conter información confidencial ou privilexiada e 
está
completamente prohibida calquera copia, uso ou distribución non autorizado desta
información. Se vostede non é o seu destinatario, faga o favor de llo notificar 
ao
remitente e destrúa a mensaxe e todo o seu contido.
--------------------------------------------------------------------------------

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: oracle VA/PT, Michael Gargiullo
Next by Date:  Ballpark figures on a PBX assessment, mikem
Previous by Thread:  RE: MS SQL, find list of tables, BHAI JAINUDDINBHAI, TRUNKWALA KUTBUDDIN (TRUNKWALA KUTBUDDIN)** CTR **
Next by Thread:  RE: MS SQL, find list of tables, LAROUCHE Francois
Indexes:  [Date] [Thread] [Top] [All Lists]