Dailydave mailing list archives
MS Access SQL injection
From: "RaMatkal" <ramatkal () hotmail com>
Date: Mon, 21 Mar 2005 10:36:32 +0200
I am conducting a pen-test on a web app that is vulnerable to SQL injection. The backend database is MS access..... i have managed to get a list of table names using something like the following: select Name, from MSysObjects where Type=1 and Name not like "MSys*" However, I am struggling to find a way to gather a list of column names from each table which would allow me to read any data from the database...... Anybody got any ideas? Thanks in advance... ramatkal () hotmail com _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- MS Access SQL injection RaMatkal (Mar 21)
- Re: MS Access SQL injection Andy Norman (Mar 21)
- Re: MS Access SQL injection Andy Norman (Mar 21)
- Re: MS Access SQL injection RaMatkal (Mar 21)
- Re: MS Access SQL injection Peter Busser (Mar 21)
- Re: MS Access SQL injection RaMatkal (Mar 21)
- Re: MS Access SQL injection Andy Norman (Mar 21)
- Re: MS Access SQL injection Andy Norman (Mar 21)
- <Possible follow-ups>
- RE: MS Access SQL injection Thomas Quinlan (Mar 21)
- RE: MS Access SQL injection Matt Fisher (Mar 21)