![pen-test logo](/images/pen-test-logo.png)
Penetration Testing mailing list archives
RE: Missing Operator SQL
From: "Goran Pizent" <goran.pizent () mobilnet hr>
Date: Wed, 6 Jun 2007 11:29:56 +0200
Few thigs:
http://localhost/account.asp?ID=3D12';Exec master..xp_cmdshell 'dir
Should be: http://localhost/account.asp?ID=3D12';Exec master..xp_cmdshell 'dir';-- -- is to comment out any where order by parts of SQL request Another thing is you are obviously accessing MS Access database. xp_cmdshell will not help you here. Google "RunApp" Access macro and change request... Regards, GoranP -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of DokFLeed Sent: 5. lipanj 2007 11:48 To: pen-test () securityfocus com Subject: Missing Operator SQL Howdy I am testing this local application, not really a big fan of ASP so any = help is welcome http://localhost/account.asp?ID=3D12';Exec master..xp_cmdshell 'dir Microsoft JET Database Engine error '80040e14' Syntax error (missing operator) in query expression 'D.xID=3D12';EXEC = master..xp_cmdshell 'dir'. What is the missing operator for ? Cheers, Dok ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
Current thread:
- Missing Operator SQL DokFLeed (Jun 05)
- RE: Missing Operator SQL Goran Pizent (Jun 06)
- <Possible follow-ups>
- Re: Missing Operator SQL Thor (Hammer of God) (Jun 06)