Re: Table enumeration

["Allen Harper" <harperaa () yahoo com>]

Adik,

Dave Aitel's friends over at @stake recently gave us a course in Monterey,
California.  This document was used and basically offers an answer to your
question.  It is written by David Litchfield.  This was also presented at
Blackhat Windows 2k security (Feb 2001).  It deals with the use of ODBC
errors.  Note, requires poor programming techniques to be vulnerable.

http://srd.yahoo.com/goo/%22web+application+disassembly%22/1/T=1014358112/F=
61aec52ae3686d314621664a6d0ebb44/*http://www.blackhat.com/presentations/win-
usa-01/Litchfield/BHWin01Litchfield.doc

allen
----- Original Message -----
From: "Adik" <abdulla () mail auk kg>
To: <pen-test () securityfocus com>
Sent: Friday, February 15, 2002 1:54 AM
Subject: Table enumeration


> Hi all!
> How is it possible to enumerate table names in a database file? I've heard
in
> ms sql server there is system table name called sysobjects which contains
all
> table names. A little help would be really appreciated. Thanks.
> Adik
>
>
> --------------------------------------------------------------------------
--
> This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please
see:
> https://alerts.securityfocus.com/



_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/