WebApp Sec mailing list archives
RE: Blind SQL Injection / Stored procedures
From: "Evans, Arian" <Arian.Evans () fishnetsecurity com>
Date: Thu, 17 Nov 2005 09:48:00 -0600
Fancois, nice explanation,
-----Original Message----- From: LAROUCHE Francois [mailto:Francois.Larouche () accorservices com] Sent: Thursday, November 17, 2005 8:59 AM
[...]
d) If you still can't well sorry... I think there is no other way except those already mentioned by the others (by the way to execute xp_makewebtask you need to have high user privileges something you are obviously not)
Has anyone published a complete list/table of MSSQL (and other DB) stored procs/pls on the web, and what the default privs to them are? I've made one but I'm not sure yet if I'm allowed to publish it. This would be a nice handy sql-injection reference table for people who are new to SQLi with stored procs, or just have a bad memory/aren't very smart [me]. -ae
Current thread:
- Blind SQL Injection / Stored procedures Andres Molinetti (Nov 15)
- Re: Blind SQL Injection / Stored procedures Adam Tuliper (Nov 15)
- Re: Blind SQL Injection / Stored procedures Laramies (Nov 16)
- RE: Blind SQL Injection / Stored procedures Victor Chapela (Nov 18)
- <Possible follow-ups>
- RE: Blind SQL Injection / Stored procedures LAROUCHE Francois (Nov 16)
- RE: Blind SQL Injection / Stored procedures Andres Molinetti (Nov 16)
- RE: Blind SQL Injection / Stored procedures LAROUCHE Francois (Nov 17)
- Re: Blind SQL Injection / Stored procedures Phillip Powell (Nov 17)
- RE: Blind SQL Injection / Stored procedures Evans, Arian (Nov 17)
- Re: [WEB SECURITY] RE: Blind SQL Injection / Stored procedures Frederic Charpentier (Nov 17)
- RE: Blind SQL Injection / Stored procedures LAROUCHE Francois (Nov 18)
- Re: Blind SQL Injection / Stored procedures ascii (Nov 18)