WebApp Sec mailing list archives
RE: [Full-disclosure] SQL Injection with cursors?
From: "Maxime Ducharme" <mducharme () cybergeneration com>
Date: Wed, 8 Nov 2006 14:21:43 -0500
Hello

I remember seeing this when using a certain type of LockType or CursorType property of ADODB.RecordSet to speed up large queries. If memory serves well, RecordSet.LockType set to adLockReadOnly will cause this error if you use something other than SELECT statements.

HTH

Maxime Ducharme

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On behalf of Andres Molinetti
Sent: November 8, 2006 11:33
To: full-disclosure () lists grok org uk
Cc: webappsec () securityfocus com
Subject: [Full-disclosure] SQL Injection with cursors?

Hi,

I have another question, somehow related to my previous one.

I have an injection point, where I can do, for example

test.asp?param=blabla' and 1=(select @@version)--

and injections of the sort, and retrieve the information without problems.

Now, when I try to execute a stored procedure like

test.asp?param=blabla' exec master..xp_cmdshell 'dir'--

or

test.asp?param=blabla'; exec master..xp_cmdshell 'dir'--

I get the following error:

Microsoft OLE DB Provider for SQL Server error '80040e14'
sp_cursoropen/sp_cursorprepare: The statement parameter can only be a single select or a single stored procedure.

Does anybody have an idea of why this is happening?

Best Regards,
Andy.
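The error quoted in the thread is ADO's server-side cursor wrapper at work: with a server-side cursor, the client sends the query through sp_cursoropen/sp_cursorprepare, which accepts only a single SELECT or a single stored-procedure call, so a second statement stacked into a parameter is rejected by the provider. For a defender, that exact error text appearing in application or web-server logs is a strong indicator that someone is probing an injection point with stacked statements. The following Python script is an added example, not part of the thread or of any product named in it; it runs over a few constructed log lines in a hypothetical "timestamp method url status message" format and flags requests whose parameters carry statement-stacking markers or whose response carried the cursor error.

```python
"""Triage log lines for SQL-injection probing that trips the ADO cursor error.

The log format below is a hypothetical classic-ASP error log: timestamp,
HTTP method, request URL, status, and the error message the page returned.
The sample lines are constructed for this example.
"""
import re
from urllib.parse import parse_qs, urlsplit

# The provider error from the thread: ADO wrapped the query in sp_cursoropen,
# which rejects anything other than a single SELECT or a single procedure call.
CURSOR_ERROR = re.compile(r"80040e14.*sp_cursor(?:open|prepare)", re.IGNORECASE)

# Heuristic markers of a second statement or a procedure call inside a
# parameter value. Expect some false positives on free-text fields; this is a
# triage filter, not a verdict.
STACKED = re.compile(r";|--|\bexec(?:ute)?\b|\bxp_\w+", re.IGNORECASE)

LINE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d{3}) ?(?P<msg>.*)$"
)

# Constructed sample lines (hypothetical format, not real traffic).
SAMPLE_LOG = [
    "2006-11-08 11:30:01 GET /test.asp?param=blabla 200 -",
    "2006-11-08 11:31:12 GET /test.asp?param=blabla'+and+1%3D(select+%40%40version)-- 500 "
    "Microsoft OLE DB Provider for SQL Server error '80040e14' Unclosed quotation mark",
    "2006-11-08 11:33:05 GET /test.asp?param=blabla'%3B+exec+master..xp_cmdshell+'dir'-- 500 "
    "Microsoft OLE DB Provider for SQL Server error '80040e14' sp_cursoropen/sp_cursorprepare: "
    "The statement parameter can only be a single select or a single stored procedure.",
]


def parse_line(line):
    """Split one log line into its fields and decode the query parameters."""
    m = LINE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["url"])
    rec["path"] = parts.path
    # parse_qs undoes percent-encoding and '+' so we inspect what the app saw.
    rec["params"] = {
        k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()
    }
    return rec


def analyse(lines):
    """Return one finding per line that shows stacking markers or the cursor error."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        suspicious = {k: v for k, v in rec["params"].items() if STACKED.search(v)}
        cursor_error = CURSOR_ERROR.search(rec["msg"]) is not None
        if suspicious or cursor_error:
            findings.append(
                {
                    "ts": rec["ts"],
                    "path": rec["path"],
                    "params": suspicious,
                    "sql_error": "80040e14" in rec["msg"].lower(),
                    "cursor_error": cursor_error,
                }
            )
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f)
```

The second sample line is flagged on the parameter alone (a comment marker, with a generic SQL error in the response); the third is flagged on both counts, and the `cursor_error` field singles out the sp_cursoropen message that the thread asks about. Feeding this to an alerting rule is more useful than the error code by itself, because '80040e14' also covers ordinary syntax errors.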