[PEN-TEST] new idea in sql injection with stored proc problem

[Cristiano Lincoln Mattos <lincoln () CESAR ORG BR>]

Hi,

        I've came up with an idea for the problem that i
posted earlier... i'll be trying it very soon: delete
one of the stored procs that the app uses, and create
one of my own, accepting the same parameters (of course),
and doing basically whaever i want in it.  Next time the
ASP code calls it, it will execute my version.

        I havent tried this yet, so i dont know if it
works... if any one has any tips, i'd appreciate it.

Cristiano Lincoln Mattos, SSCP
CESAR - Centro de Estudos e Sistemas Avançados do Recife