Penetration Testing mailing list archives
RE: MS SQL, find list of tables
From: "LAROUCHE Francois" <Francois.Larouche () accorservices com>
Date: Thu, 29 Sep 2005 17:22:56 +0200
Hi Cedric, By default MS ACCESS will block access to 'MSysObjects'. The DBO will have to give those rights. Funny thing is that MS ACCESS in a weird way is more a pain to SQL inject than SQL Server and Oracle. So the only thing as far as I know that you can do is to guess the user table name. All is not lost, because if the developer is the same than the one that designed the database there are fair chances that he will be coherent in the way he names his web page with the entities in the DB. For example, I found many times that ModifyUsers.asp will be Users table, ModifyProfile will be Profile table and so on. Look in the web page source code also. Since you're French, try to see if the names aren't in french, like Utilisateur, Usager, administrateur with or without an s. Or tbUsers, tblUsers. Lastly, if the site web's name is, I don't know... Acme, well you can try Acme_user, acme_login, etc... Good luck! François Larouche -----Original Message----- From: Velasco Herrero, Jose Antonio [mailto:joseantonio.velasco () t-systems es] Sent: Tuesday, September 27, 2005 5:36 PM To: Cedric Foll; pen-test () securityfocus com Subject: RE: MS SQL, find list of tables Did you try something like this? <somethin.asp?page= 'UNION ALL SELECT name FROM sysobjects WHERE xtype='U AFAIK MSysObjects is not an MS SQL Server table but an Access one. I hope this helps Jose
-----Mensaje original----- De: Cedric Foll [mailto:cedric.foll () ac-rouen fr] Enviado el: lunes, 26 de septiembre de 2005 16:01 Para: pen-test () securityfocus com Asunto: MS SQL, find list of tables Hi, I'm doing a pen test on a IIS/MS SQL box and find a SQL Injection on it which permit to execute some SQL command on it. In fact I have a "select" where I can inject an "UNION something". I'd like to use that in order to get login/passwd in the database. I can do: <somethin.asp?page=contact' UNION SELECT * FROM users WHERE '1'='1> But the table users doesn't exist and I failed to guess an existing table name :(. I've tried: <something.asp?page=contact' UNION SELECT * FROM MSysObjects'> but I get ---- Microsoft OLE DB Provider for ODBC Drivers error '80040e09' [Microsoft][ODBC Microsoft Access Driver] Record(s) cannot be read; no read permission on 'MSysObjects'. ---- Someone has an idea ???? Regards -- Cedric Foll Ingénieur Sécurité & Réseaux Division Informatique, Rectorat de Rouen "More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk." Bruce Schneier -------------------------------------------------------------------------- ---- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------- -----
-------------------------------------------------------------------------------- INFORMACION IMPORTANTE - IMPORTANT NEWS -------------------------------------------------------------------------------- A partir del 12 de septiembre de 2005, nuestras oficinas de Avda. Llano Castellano y Capitán Haya en Madrid, se trasladan a: As from September 12, 2005, our offices in: Avda. Llano Castellano and Capitán Haya (Madrid) are moving to a new address: ------ Calle Orduña, 2 - 28034 Madrid ------ Nuestros números de teléfono y de fax así como nuestras direcciones de correo electrónico permanecen sin cambios. Our telephone and fax numbers as well as our e-mail addresses remain the same. ---------------------------------------- -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- This e-mail may contain confidential or privileged information. Any unauthorised copying, use or distribution of this information is strictly prohibited. If you are not the intended recipient, please notify the sender and destroy this e-mail together with all of its content. -------------------------------------------------------------------------------- Este mensaje electrónico puede contener información confidencial o privilegiada, por lo que está completamente prohibida la copia, el uso o la distribución no autorizada de dicha información. Si usted no es el destinatario del mensaje, le rogamos que lo notifique al remitente y que lo destruya junto con todo su contenido. -------------------------------------------------------------------------------- Aquest missatge electrònic pot contenir informació confidencial o privilegiada i està completament prohibida qualsevol còpia, ús o distribució no autoritzada d'aquesta informació. Si vostè no és el seu destinatari, si us plau notifiqui-ho al remitent i destrueixi el missatge amb tot el seu contingut. -------------------------------------------------------------------------------- Mezu elektroniko honek informazio konfidentziala edo pribilegiatua eduki dezake. Erabat debekaturik dago informazio hori baimenik gabe kopiatu, erabili edo banatzea. Mezu hau ez bada zuri zuzendua, arren, igortzaileari jakinarazi eta bere edukiarekin batera ezaba ezazu. -------------------------------------------------------------------------------- Esta mensaxe electrónica pode conter información confidencial ou privilexiada e está completamente prohibida calquera copia, uso ou distribución non autorizado desta información. Se vostede non é o seu destinatario, faga o favor de llo notificar ao remitente e destrúa a mensaxe e todo o seu contido. -------------------------------------------------------------------------------- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ------------------------------------------------------------------------------- ______________________________________________________________________________________________________________________________ This email, the information contained within and any files transmitted with it (herein after referred as "the message") are confidential. It is intended solely for the addressees and access to this message by any other person is not permitted. If you are not the named addressee, please send it back immediately to the sender and delete it. Unauthorized disclosure, publication, use, dissemination, forwarding, printing or copying of this message, either in whole or in part, is strictly prohibited. Emails are susceptible to alteration and their integrity cannot be guaranteed. Our company shall not be liable for this message if modified or falsified. ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- MS SQL, find list of tables Cedric Foll (Sep 27)
- Re: MS SQL, find list of tables Cedric Foll (Sep 28)
- RE: MS SQL, find list of tables Ofer Maor (Sep 28)
- Re: MS SQL, find list of tables Jon DeShirley (Sep 28)
- Re: MS SQL, find list of tables Bernhard Mueller (Sep 28)
- <Possible follow-ups>
- RE: MS SQL, find list of tables BHAI JAINUDDINBHAI, TRUNKWALA KUTBUDDIN (TRUNKWALA KUTBUDDIN)** CTR ** (Sep 28)
- RE: MS SQL, find list of tables Velasco Herrero, Jose Antonio (Sep 28)
- RE: MS SQL, find list of tables LAROUCHE Francois (Sep 29)