Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: MS Access SQL injection column enumeration

From: Eiríkur Eiríksson <eirikure () simi is>
Date: Mon, 21 Mar 2005 14:48:29 +0000
The simplest way would be query each of the tables whose names are 
returned from the first query, something like this:

SELECT TOP 1 * FROM <TABLE_NAME>

This will return a single row and column names.

-----
Kveðja/Regards
Eirikur Eiriksson
Öryggisstjóri / CISO
Síminn / Iceland Telecom

full-disclosure-bounces () lists grok org uk wrote on 19.03.2005 20:23:17:


I am conducting a pen-test on a web app that is vulnerable to SQL 
injection. The backend database is MS access.....

i have managed to get a list of table names using something like the
following: 
select Name, from MSysObjects 
where  Type=1
  and  Name not like "MSys*";
However, I am struggling to find a way to gather a list of column 
names from each table which 
would allow me to read any data from the database......
None of the sql injection papers / tutorials seem to have much to 
say about Access databases... 
Anybody got any ideas?
Thanks in advance...
ramatkal@hotmail.com_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: