Penetration Testing mailing list archives

Re: SQL

From: David.French () ey com
Date: Mon, 19 Nov 2001 18:20:52 -0600


The following is where you can find a paper written by David Litchfield
that might be helpful to you.

www.blackhat.com/presentations/win-usa-01/Litchfield/BHWin01Litchfield.doc

Dave
|------------------------+------------------------+------------------------|
|                        |   "Gary O'leary-Steele"|                        |
|                        |   <GaryO () sec-1 com>    |           To:          |
|                        |                        |   <PEN-TEST@securityfoc|
|                        |   11/19/2001 10:24 AM  |   us.com>              |
|                        |   Please respond to    |           cc:          |
|                        |   garyo                |   (bcc: David C.       |
|                        |                        |   French/Chicago/AUDIT/|
|                        |                        |   EYLLP/US)            |
|                        |                        |           Subject:     |
|                        |                        |   SQL                  |
|------------------------+------------------------+------------------------|










Hello all,


I am doing a pen test against a IIS 5 web server. The web server requires a
user name and password via a logon form. if a single quote character is
entered (username)the following error is produced

[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark
before the character string '' and password=''.

I remember reading somewhere that this can be used to gain further access?
but i cant find the info.

Can any one help?

Thanks in advance.

Gary


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/







______________________________________________________________________
The information contained in this message may be privileged and
confidential and protected from disclosure.  If the reader of this message
is not the intended recipient, or an employee or agent responsible for
delivering this message to the intended recipient, you are hereby notified
that any dissemination, distribution or copying of this communication is
strictly prohibited. If you have received this communication in error,
please notify us immediately by replying to the message and deleting it
from your computer.  Thank you.  Ernst & Young LLP


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

SQL Gary O'leary-Steele (Nov 19)
- Re: SQL Kevin Spett (Nov 20)
- Re: SQL root (Nov 20)
- Re: SQL neil-at-geekshanty-dot-com (Nov 20)
- Re: SQL Sverre H. Huseby (Nov 20)
- <Possible follow-ups>
- RE: SQL Holmes, Ben (Nov 20)
- RE: SQL Javier Fernández-Sanguino (Nov 20)
- RE: SQL Paul Midian (Nov 20)
- Re: SQL David . French (Nov 20)
- RE: SQL Andy Miller (Nov 21)
- Re: SQL Andrea secondote? (Nov 22)
- RE: SQL rudi carell (Nov 22)
- RE: SQL Javier Fernández-Sanguino (Nov 23)