Network Security: Detailed info on RE: Blind SQL Injection / Stored procedures

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

[Top] [All Lists]

RE: Blind SQL Injection / Stored procedures

from [Evans, Arian] Network Security

[Permanent Link]

Subject:	RE: Blind SQL Injection / Stored procedures
Date:	Thu, 17 Nov 2005 09:48:00 -0600

Fancois, nice explanation,

-----Original Message-----
From: LAROUCHE Francois [mailto:Francois.Larouche@accorservices.com] 
Sent: Thursday, November 17, 2005 8:59 AM

[...]

d) If you still can't well sorry... I think there is no other 
way except those already mentioned by the others (by the way 
to execute xp_makewebtask you need to have high user 
privileges something you are obviously not)


Has anyone published a complete list/table of MSSQL (and other DB)
stored procs/pls on the web, and what the default privs to them are?

I've made one but I'm not sure yet if I'm allowed to publish it.

This would be a nice handy sql-injection reference table for
people who are new to SQLi with stored procs, or just have a
bad memory/aren't very smart [me].

-ae

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Blind SQL Injection / Stored procedures, Andres Molinetti Re: Blind SQL Injection / Stored procedures, Adam Tuliper Re: Blind SQL Injection / Stored procedures, Laramies RE: Blind SQL Injection / Stored procedures, Victor Chapela RE: Blind SQL Injection / Stored procedures, LAROUCHE Francois RE: Blind SQL Injection / Stored procedures, Andres Molinetti RE: Blind SQL Injection / Stored procedures, LAROUCHE Francois Re: Blind SQL Injection / Stored procedures, Phillip Powell RE: Blind SQL Injection / Stored procedures, Evans, Arian <= Re: [WEB SECURITY] RE: Blind SQL Injection / Stored procedures, Frederic Charpentier RE: Blind SQL Injection / Stored procedures, LAROUCHE Francois Re: Blind SQL Injection / Stored procedures, ascii

Previous by Date:	Re: HTTP REFERER not set in Internet Explorer, Saqib Ali
Next by Date:	Re: Software liability, Joseph Miller
Previous by Thread:	Re: Blind SQL Injection / Stored procedures, Phillip Powell
Next by Thread:	Re: [WEB SECURITY] RE: Blind SQL Injection / Stored procedures, Frederic Charpentier
Indexes:	[Date] [Thread] [Top] [All Lists]