Home page logo
/

pen-test logo Penetration Testing mailing list archives

MS SQL, find list of tables
From: Cedric Foll <cedric.foll () ac-rouen fr>
Date: Mon, 26 Sep 2005 16:00:48 +0200

Hi,

I'm doing a pen test on a IIS/MS SQL box and find a SQL Injection on it
which permit to execute some SQL command on it.

In fact I have a "select" where I can inject an "UNION something".
I'd like to use that in order to get login/passwd in the database.

I can do:
<somethin.asp?page=contact' UNION SELECT * FROM users WHERE '1'='1>
But the table users doesn't exist and I failed to guess an existing
table name :(.

I've tried:
<something.asp?page=contact' UNION SELECT * FROM MSysObjects'>
but I get
----
Microsoft OLE DB Provider for ODBC Drivers error '80040e09'

[Microsoft][ODBC Microsoft Access Driver] Record(s) cannot be read; no
read permission on 'MSysObjects'.
----

Someone has an idea ????

Regards

-- 
Cedric Foll
Ingénieur Sécurité & Réseaux
Division Informatique, Rectorat de Rouen

"More people are killed every year by pigs than by sharks,
which shows you how good we are at evaluating risk."
Bruce Schneier

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault