Penetration Testing mailing list archives
Insomnia: Whitepaper - Access Through Access
From: "Brett Moore" <brett.moore () insomniasec com>
Date: Thu, 1 May 2008 12:18:02 +1200
___________________________________________________________________ Insomnia Security :: Access Through Access ___________________________________________________________________ Name: Access Through Access Released: 01 May 2008 Author: Brett Moore, Insomnia Security Original Link: http://www.insomniasec.com/releases/whitepapers-presentations ___________________________________________________________________ MS Access is commonly thought of as the little brother of Database engines, and not a lot of material has been published about methods used for exploiting it during a penetration test. The aim of this paper is to bring a lot of disparate information together into one guide. This paper will outline methods to identify different versions of MS Jet, some SQL Injection methods to use during tests, and some other techniques to access files, servers, and potentially gain command access. ___________________________________________________________________ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Insomnia: Whitepaper - Access Through Access Brett Moore (Apr 30)