Re: WebSleuth and the SQLInjeciton Plugin

["Chip Andrews" <chipandrews () usa net>]

Phil,

Try running SQL Profiler at the same time you are implementing the plug-in.
By looking at the last statement issued, and then running it manually in the
Query Analyzer using the same credentials you provided to the plug-in you
should get a more detailed error message that may help you identify the
problem.

Also - make sure you have the application set to "SQL Server and Windows
Authentication".  Since the plug-in uses the 'sa' account to authenticate,
if your SQL Server is in "Windows Auth" mode then native SQL Server accounts
will not be able to authenticate.

Feel free to write me directly if you have further issues.

Chip Andrews
chip () sqlsecurity com
www.sqlsecurity.com

----- Original Message -----
From: "Phil Cox" <Phil.Cox () SystemExperts com>
To: <webappsec () securityfocus com>
Sent: Monday, March 10, 2003 12:28 PM
Subject: WebSleuth and the SQLInjeciton Plugin


> All,
>
> I am trying to get the SQL injection plug-in to work, but to no avail. I
> have an MSSQL server (on a separate box), but get the following error
> when trying the test against a web site:
>
> "There was an error creating the trace. Operation aborting. Please check
> the SQL server credentials."
>
> I know I have the right password. Any thoughts?
>
> Phil