Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Missing Operator SQL
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Wed, 6 Jun 2007 07:22:18 -0700

The "JET Database" tells you that you are working with MS JET, not MS SQL (as in Access). You need to use MS Jet syntax for your SQL.

t

----- Original Message ----- From: "DokFLeed" <dokfleed () dokfleed net>
To: <pen-test () securityfocus com>
Sent: Tuesday, June 05, 2007 2:48 AM
Subject: Missing Operator SQL


Howdy
I am testing this local application, not really a big fan of ASP so any =
help is welcome

http://localhost/account.asp?ID=3D12';Exec master..xp_cmdshell 'dir

Microsoft JET Database Engine error '80040e14'
Syntax error (missing operator) in query expression 'D.xID=3D12';EXEC =
master..xp_cmdshell 'dir'.


What is the missing operator for ?


Cheers,
Dok


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------





------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]