I don't remember the specifics of MS Access SQL, but a good place to
look and practice is with OWASP's WebGoat. It uses a MS Access
backend when the server is run on Windows.
If you don't want to install it, you may be able to learn something
from browsing the source code and hints for the SQL injection lessons
at:
http://cvs.sourceforge.net/viewcvs.py/owasp/webgoat/src/lessons/
Good luck.
Chuck
On 1/19/06, Robin Wood <dninja@gmail.com> wrote:
Hi
I'm trying to get sql injection working against a access db. I've
tried the standard -- as a comment and I've also tried %0A and $0D
with no luck. Can anyone suggest any other ways to comment out the
rest of the statement?
Robin
-------------------------------------------------------------------------
This List Sponsored by: Watchfire
Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. See for yourself.
Download AppScan 6.0 today.
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
--------------------------------------------------------------------------
-------------------------------------------------------------------------
This List Sponsored by: Watchfire
Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. See for yourself.
Download AppScan 6.0 today.
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
--------------------------------------------------------------------------
