Penetration Testing: Re: MS SQL, find list of tables

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

Re: MS SQL, find list of tables

From: Bernhard Mueller <research () sec-consult com>
Date: Tue, 27 Sep 2005 17:17:35 +0200

MSDN has a complete list of mssql system tables:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/tsqlref/ts_sys_00_690z.asp

normally "SELECT name FROM sysobjects" should do the job, as every
database has it's own sysobjects table.

good luck ;)

Cedric Foll wrote:

Hi,

I'm doing a pen test on a IIS/MS SQL box and find a SQL Injection on it
which permit to execute some SQL command on it.

In fact I have a "select" where I can inject an "UNION something".
I'd like to use that in order to get login/passwd in the database.

I can do:
<somethin.asp?page=contact' UNION SELECT * FROM users WHERE '1'='1>
But the table users doesn't exist and I failed to guess an existing
table name :(.

I've tried:
<something.asp?page=contact' UNION SELECT * FROM MSysObjects'>
but I get
----
Microsoft OLE DB Provider for ODBC Drivers error '80040e09'

[Microsoft][ODBC Microsoft Access Driver] Record(s) cannot be read; no
read permission on 'MSysObjects'.
----

Someone has an idea ????

Regards



-- 
_____________________________________________________

~  DI (FH) Bernhard Mueller
~  IT Security Consultant

~  SEC-Consult Unternehmensberatung GmbH
~  www.sec-consult.com

~  A-1080 Wien  Blindengasse 3
~  Tel:   +43/676/840301718
~  Fax:   +43/(0)1/4090307-590
______________________________________________________

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

By Date By Thread

Current thread:

MS SQL, find list of tables Cedric Foll (Sep 27)
- Re: MS SQL, find list of tables Cedric Foll (Sep 28)
- RE: MS SQL, find list of tables Ofer Maor (Sep 28)
- Re: MS SQL, find list of tables Jon DeShirley (Sep 28)
- Re: MS SQL, find list of tables Bernhard Mueller (Sep 28)
- <Possible follow-ups>
- RE: MS SQL, find list of tables BHAI JAINUDDINBHAI, TRUNKWALA KUTBUDDIN (TRUNKWALA KUTBUDDIN)** CTR ** (Sep 28)
- RE: MS SQL, find list of tables Velasco Herrero, Jose Antonio (Sep 28)
- RE: MS SQL, find list of tables LAROUCHE Francois (Sep 29)