Blind SQL Injection / Stored procedures

Hi List,

I am currently testing a clients Web Site. I have found that it is 
vulnerable to Blind SQL Injection, so I have been able to enumerate tables, 
columns, etc. It interact with an SQL Server 2000 SP3.

The problem is that, despite I was able to enumerate tables and columns 
(through base..syscolumns) I am not able to access any data of those tables.

I think this can be happening because the priviledges are assigned to stored 
procedures, and not directly to users, which is a good practice.

Then my problem is how can I use an stored procedure to get some data? I 
think I am able to run, but how can I do to get its results?

I know that there is an xp_makewebtask which lets me write sql queries to a 
file, but as the sql server resides in a different machine that the web 
server, I cannot get those files.

Thanks in advance,

Andy

_________________________________________________________________
Dale rienda suelta a tu tiempo libre. Encuentra mil ideas para exprimir tu 
ocio con MSN Entretenimiento. http://entretenimiento.msn.es/