Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Basics: RE: MS Access SQL injection column enumeration

RE: MS Access SQL injection column enumeration

From: Jeremy Viegas <jeremy.viegas_at_gmail.com>
Date: Mon, 21 Mar 2005 15:49:07 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Most often the ODBC connection the web app uses prevents access to
the msysobjects table of the database. Here is what the error
generally looks like:

Microsoft OLE DB Provider for ODBC Drivers (0x80040E09)
[Microsoft][ODBC Microsoft Access Driver] Record(s) cannot be read;
no read permission on 'msysobjects'.

The same queries will work for you inside access when fired straight
on the database.

Yes, and column enumeration is not an easy task!

You might want to look over the access file format (MDB) for Jet 3
and Jet4 databases.

Happy Pen-Testing ...
____________________________________________________________________

Jeremy D. Viegas Email: jeremyv_at_cc.gatech.edu
Masters in Information Security Mobile: 404.324.2993
College of Computing, http://www.cc.gatech.edu/~jeremyv
Georgia Institute of Technology (PGP Public Key on my webpage)
____________________________________________________________________

- -----Original Message-----
From: RaMatkal x2 [mailto:ramatkal_at_hotmail.com]
Sent: Saturday, March 19, 2005 3:34 PM
To: security-basics_at_securityfocus.com
Subject: MS Access SQL injection column enumeration

I am conducting a pen-test on a web app that is vulnerable to SQL
injection.
The backend database is MS access.....

i have managed to get a list of table names using something like the
following:

select Name, from MSysObjects
where Type=1
  and Name not like "MSys*";

However, I am struggling to find a way to gather a list of column
names from
each table which
would allow me to read any data from the database......
None of the sql injection papers / tutorials seem to have much to say
about
Access databases...

Anybody got any ideas?

Thanks in advance...
ramatkal_at_hotmail.com

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's
FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQEVAwUBQj8zIleSFCUVYYfwAQKJewf/fephzTU7gDkHgZzRTz8GsuQyoduv0J1Q
xknDbABjUL0IzrJ39GhJH163WHwuIF5+NFFxo4gb27dNxTXaSNWynQOODKMCp9Cq
iVfd+yfy+SrPiE9wxAiVc2wzwxAU3ZWyq8aMSdo6OsoHef1tq9AiAPes2Sqmheum
wHrCcySdnn+9f9oDL21ZIdZHd+yIWqFJAwykEdEZUUJ2ZmFVDuHkl2/Vlo+Kcn8M
AH0MdtG+h7TOM7sx04Au2IHGGfXT48caXRtaQcSO6Z2FsdU5WQj6+GzFCxYSE0+A
XLVSQ1Qn1CmYctD0rFSUa/2g0i1mB9Ac7l3JyWcHJpX+7F+YC1DbyQ==
=ueyg
-----END PGP SIGNATURE-----
Received on Mar 22 2005

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]