Penetration Testing mailing list archives
RE: MS SQL, find list of tables
From: "BHAI JAINUDDINBHAI, TRUNKWALA KUTBUDDIN (TRUNKWALA KUTBUDDIN)** CTR **" <qutub () lucent com>
Date: Wed, 28 Sep 2005 10:54:58 +0530
I don't think there is an easy way to get the list of tables on the db you are testing. Use trial and error to try all the table names that are likely to be used for storing user information. If the application you are testing is based on open source software, it will be easy to get the default db schema by downloading the application from the respective website.

-----Original Message-----
From: Cedric Foll [mailto:cedric.foll () ac-rouen fr]
Sent: Monday, September 26, 2005 7:31 PM
To: pen-test () securityfocus com
Subject: MS SQL, find list of tables

Hi,

I'm doing a pen test on an IIS/MS SQL box and found a SQL injection on it which permits executing some SQL commands on it. In fact I have a "select" where I can inject a "UNION something". I'd like to use that in order to get login/passwd in the database.

I can do:
<somethin.asp?page=contact' UNION SELECT * FROM users WHERE '1'='1>
But the table users doesn't exist and I failed to guess an existing table name :(.

I've tried:
<something.asp?page=contact' UNION SELECT * FROM MSysObjects'>
but I get
----
Microsoft OLE DB Provider for ODBC Drivers error '80040e09'
[Microsoft][ODBC Microsoft Access Driver] Record(s) cannot be read; no read permission on 'MSysObjects'.
----

Does someone have an idea ????

Regards
--
Cedric Foll
Security & Network Engineer
Division Informatique, Rectorat de Rouen

"More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk."
Bruce Schneier
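The root cause of the finding discussed in this thread, shown beside its fix as an added example that is not part of the original posts: the `page` value from the first request is concatenated into a query, then bound as a parameter and checked against an allow-list. Assumptions: an in-memory SQLite database stands in for the Access backend, and the `pages` table, its columns, the two-column `users` table, and all function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; SQLite stands in for the Access/Jet backend.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE pages (name TEXT, body TEXT);
        CREATE TABLE users (login TEXT, passwd TEXT);
        INSERT INTO pages VALUES ('contact', 'Contact us at ...');
        INSERT INTO users VALUES ('admin', 'constructed-secret');
    """)
    return db

# The page value exactly as it appears in the thread's first request.
PAYLOAD = "contact' UNION SELECT * FROM users WHERE '1'='1"

# Hypothetical list of pages the application actually serves.
ALLOWED_PAGES = {"contact", "home"}

def lookup_concatenated(db, page):
    # Vulnerable: the value becomes part of the SQL text, so the quote in
    # PAYLOAD closes the string literal and the UNION is parsed as SQL.
    sql = "SELECT name, body FROM pages WHERE name = '" + page + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, page):
    # Fixed: the value is bound as data and is only ever compared to name.
    sql = "SELECT name, body FROM pages WHERE name = ?"
    return db.execute(sql, (page,)).fetchall()

def lookup_allowlisted(db, page):
    # Defence in depth: reject anything that is not a known page name
    # before the database is touched at all.
    if page not in ALLOWED_PAGES:
        raise ValueError("unknown page")
    return lookup_parameterized(db, page)

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_concatenated(db, PAYLOAD))
    print("parameterized:", lookup_parameterized(db, PAYLOAD))
    try:
        lookup_allowlisted(db, PAYLOAD)
    except ValueError as exc:
        print("allow-listed :", exc)
```

The "no read permission on 'MSysObjects'" error quoted in the thread is a second, independent control: the account the application connects with cannot read the system catalog, which is worth keeping even after the query itself is fixed.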
Current thread:
- MS SQL, find list of tables Cedric Foll (Sep 27)
- Re: MS SQL, find list of tables Cedric Foll (Sep 28)
- RE: MS SQL, find list of tables Ofer Maor (Sep 28)
- Re: MS SQL, find list of tables Jon DeShirley (Sep 28)
- Re: MS SQL, find list of tables Bernhard Mueller (Sep 28)
- <Possible follow-ups>
- RE: MS SQL, find list of tables BHAI JAINUDDINBHAI, TRUNKWALA KUTBUDDIN (TRUNKWALA KUTBUDDIN)** CTR ** (Sep 28)
- RE: MS SQL, find list of tables Velasco Herrero, Jose Antonio (Sep 28)
- RE: MS SQL, find list of tables LAROUCHE Francois (Sep 29)