Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: MS Access SQL injection column enumeration

from [Jeremy Viegas] Network Security [Permanent Link]
Subject: RE: MS Access SQL injection column enumeration
Date: Mon, 21 Mar 2005 15:49:07 -0500 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Most often the ODBC connection the web app uses prevents access to
the msysobjects table of the database. Here is what the error
generally looks like:

Microsoft OLE DB Provider for ODBC Drivers (0x80040E09)
[Microsoft][ODBC Microsoft Access Driver] Record(s) cannot be read;
no read permission on 'msysobjects'.

The same queries will work for you inside access when fired straight
on the database.

Yes, and column enumeration is not an easy task!

You might want to look over the access file format (MDB) for Jet 3
and Jet4 databases.

Happy Pen-Testing ...
____________________________________________________________________

Jeremy D. Viegas                  Email:  jeremyv@cc.gatech.edu   
Masters in Information Security   Mobile: 404.324.2993
College of Computing,             http://www.cc.gatech.edu/~jeremyv
Georgia Institute of Technology   (PGP Public Key on my webpage) 
____________________________________________________________________

- -----Original Message-----
From: RaMatkal x2 [mailto:ramatkal@hotmail.com] 
Sent: Saturday, March 19, 2005 3:34 PM
To: security-basics@securityfocus.com
Subject: MS Access SQL injection column enumeration

I am conducting a pen-test on a web app that is vulnerable to SQL
injection. 
The backend database is MS access.....

i have managed to get a list of table names using something like the 
following:

select Name, from MSysObjects
where  Type=1
  and  Name not like "MSys*";

However, I am struggling to find a way to gather a list of column
names from 
each table which
would allow me to read any data from the database......
None of the sql injection papers / tutorials seem to have much to say
about 
Access databases...

Anybody got any ideas?

Thanks in advance...
ramatkal@hotmail.com

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's
FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQEVAwUBQj8zIleSFCUVYYfwAQKJewf/fephzTU7gDkHgZzRTz8GsuQyoduv0J1Q
xknDbABjUL0IzrJ39GhJH163WHwuIF5+NFFxo4gb27dNxTXaSNWynQOODKMCp9Cq
iVfd+yfy+SrPiE9wxAiVc2wzwxAU3ZWyq8aMSdo6OsoHef1tq9AiAPes2Sqmheum
wHrCcySdnn+9f9oDL21ZIdZHd+yIWqFJAwykEdEZUUJ2ZmFVDuHkl2/Vlo+Kcn8M
AH0MdtG+h7TOM7sx04Au2IHGGfXT48caXRtaQcSO6Z2FsdU5WQj6+GzFCxYSE0+A
XLVSQ1Qn1CmYctD0rFSUa/2g0i1mB9Ac7l3JyWcHJpX+7F+YC1DbyQ==
=ueyg
-----END PGP SIGNATURE-----
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Admin Rights required on Terminal Services, Security
Next by Date:  Re: Is Dynamic WEP Secure Enough?, Vladamir
Previous by Thread:  MS Access SQL injection column enumeration, RaMatkal x2
Next by Thread:  RE: MS Access SQL injection column enumeration, Jeremy Viegas
Indexes:  [Date] [Thread] [Top] [All Lists]