<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

WebApp Sec: SQL injection with sql 2000 sp3

SQL injection with sql 2000 sp3

From: dsan <dsan_at_dev.ugc-labs.co.uk>
Date: 1 Oct 2003 16:02:50 -0000

('binary' encoding is not supported, stored as-is) hey all,

I'm struggling with a test on a app that uses sql2k with sp3.
im able to do execute SELECT statements with no problem, yet when i try with anything else i get syntax error messages (even though they seem to be valid statements)

when trying the traditional @@version i get,

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
<snip> Incorrect syntax near '@@version@

Has sp3 changed all the rights for the default user to only allow SELECT queries, or are there options you can do to remove all these options from the DB?

Appreciate any help on this

Received on Oct 01 2003

This message: [ Message body ]
Next message: Vinny Bedus: "RE: SQL injection with sql 2000 sp3"
Next in thread: Vinny Bedus: "RE: SQL injection with sql 2000 sp3"
Reply: Vinny Bedus: "RE: SQL injection with sql 2000 sp3"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]